Google Search Appliance Connectors Deploying the Connector for Active Directory Google Search Appliance Connector for Active Directory software version 4.0.3 Google Search Appliance software version 7.
Table of Contents About this Guide Overview of the GSA Connector for Active Directory Automatic updates every 15 minutes ACL support Domain support Limitations Usage limitations Groups database limitations Supported operating systems for the connector Supported Active Directory repositories Before you deploy the Connector for Active Directory Deploy the Connector for Active Directory Step 1 Configure the search appliance Step 2 Install the Connector for Active Directory Step 3 Configure optional adaptor-con
About this Guide This guide is intended for anyone who needs to deploy the Google Search Appliance Connector 4.0.3 for Active Directory. The guide assumes that you are familiar with Windows or Linux operating systems and configuring the Google Search Appliance by using the Admin Console. See the Google Search Appliance Connectors Administration Guide 4.0.3 for general information about the connectors, including: ● What’s new in Connectors 4.
Overview of the GSA Connector for Active Directory The Connector for Active Directory feeds group information from an Active Directory network to the search appliance’s onboard group database. The Connector for Active Directory creates an XML groups feed for pushing the information to the search appliance. For detailed information about XML groups feeds and onboard group resolution, see Feeding Groups to the Search Appliance in the Feeds Protocol Developer’s Guide.
Automatic updates every 15 minutes After the initial process completes, the connector periodically sends updates to the search appliance, according to the value set in the connector configuration option adaptor.incrementalPollPeriodSecs. The default interval value is 15 minutes, but you can configure it to suit your needs. For more information, see “Common configuration options” in the Administration Guide. ACL support The Connector for Active Directory 4.
ad.servers=domain1,domain2 ad.servers.domain1.host= ad.servers.domain2.host= For example, for multiple domains, you might create the following configuration: gsa.hostname=yourgsa.example.com ad.defaultUser=Admin ad.defaultPassword=PassW0RD # ad.servers is list of servers, one per domain ad.servers=AMER,ASIA ad.servers.AMER.host=111.111.111.111 ad.servers.AMER.method=standard ad.servers.AMER.port=389 ad.servers.ASIA.host=222.222.222.222 ad.servers.ASIA.method=standard ad.servers.ASIA.
● GSA refuses group feeds larger than the maximum cumulative number of group members that are allowed for your model of the search appliance. For detailed information about this topic, see the Feeds Protocol Developer’s Guide.
Before you deploy the Connector for Active Directory Before you deploy the Connector for Active Directory, ensure that your environment has all of the following required components: ● GSA software version 7.2.0.G.90 or higher, to support up to 1 million group memberships If you need to support over 1 million group memberships, then use GSA software version 7.2.0.G.230 or higher. To download GSA software, visit the Google for Work Support Portal (password required). ● Java JRE 1.
Deploy the Connector for Active Directory Because the Connector for Active Directory is installed on a separate host, you must establish a relationship between the connector and the search appliance. To deploy the Connector for Active Directory, perform the following tasks: 1. Configure the search appliance 2. Install the Connector for Active Directory 3. Optionally, configure adaptor-config.properties variables 4.
As part of the installation procedure, you need to edit some configuration variables in the configuration file. Take note that you can encrypt the value for ad.defaultPassword before adding it to the file by using the Connector Dashboard, as described in “Encode sensitive values,” in the Administration Guide. To install the connector: 1. Log in to the computer that will host the connector by using an account with sufficient privileges to install the software. 2. Start a web browser. 3.
ad.defaultPassword=PassW0RD ad.servers=firstServer,anotherAdServer ad.servers.firstServer.host=111.111.111.111 ad.servers.firstServer.method=standard ad.servers.firstServer.port=389 ad.servers.firstServer.user=EXAMPLE\\Administrator ad.servers.firstServer.password=yourpassword ad.servers.anotherAdServer.host=222.222.222.222 ad.servers.anotherAdServer.method=standard ad.servers.anotherAdServer.port=389 adaptor.namespace=host, port, method (ssl or standard) is repeated for each Active Directory host.
server.hostname Optionally the hostname of the server running Connector, in case automatic detection fails. Name of localhost adaptor.namespace=Default Namespace used for ACLs sent to GSA. Default adaptor.fullListingSchedule Schedule for pushing all group definitions. "0 3 * * *" which is 3AM adaptor.incrementalPollPeriodSecs Schedule for getting recent updates. 900 seconds which is 15 minutes adaptor.
To run the connector as a service, use the Windows service management tool or run the prunsrv command, as described in “Run a connector as a service on Windows” in the Administration Guide.
Uninstall the Google Search Appliance Connector for Active Directory To uninstall the Connector for Active Directory: 1. Click the Change GSA_AD_Adaptor Installation icon on your desktop. The Uninstall GSA_AD_Adaptor page appears. 2. Click Next. 3. On the Uninstall Options page, select an option: ○ Complete Uninstall. Google recommends selecting Complete Uninstall. ○ Uninstall Specific Features. If you click Uninstall Specific Features, select Application. 4. Click Uninstall. Files are uninstalled. 5.
Troubleshoot the Connector for Active Directory For information about troubleshooting the Connector for Active Directory, see “Troubleshoot Connectors,” in the Administration Guide.
