Use this support matrix as a quick lookup of supported directory features.
Active Directory Features | Supported By Content Platform Engine |
---|---|
One-way SSL | Yes |
Two-way SSL | No |
Universal Groups | Yes |
Security Groups | Yes |
Distribution Groups | Yes |
Nested Groups | Yes |
Builtin Groups | No |
Users and groups belonging to custom Active Directory objects | Yes |
Supported User type (objectClass) | user |
Supported Static Group types (objectClass) | group |
Follow referrals for Search (for User/Group retrieval) | No |
Roles | No |
Directory aliases | No |
Native Mode Active Directory | Yes |
Mixed Mode Active Directory | Yes - No support for NT4. |
Restrict to single realm | Yes - By configuring just one realm. |
Support multiple realms and domains | Yes |
Support multiple forests | Yes |
Support users and groups migrate from domain to domain within a forest | No |
Support domains across multiple forests | Yes |
Configurable user short name attribute | Yes. Because the short name does not contain realm information, short names must be unique across all your configured domains and realms. |
Configurable group short name attribute | Yes. Because the short name does not contain realm information, short names must be unique across all your configured domains and realms. |
Configurable user display name attribute | Y |
Configurable group display name attribute | Y |
Configurable principal Name - Boolean flag | Yes If true: shortname@authentication.domain If false: full DN |
DNS Site | Yes – Resolve domain controllers in a given DNS site. |
Multiple authenticating attributes support | Yes – Can authenticate against the same Active Directory server using multiple attributes, such as samAccountName, userPrincipalName, or distinguishedName. See Configure multiple authenticating attributes. |
Use userPrincipalName (UPN) or email as shortname | Yes - for user short name. See Configure
Content Platform Engine to use UPN or email for login. Do not use email for group short name |
Sorting | Yes – Return users and groups in sorted order: either ascending or descending order. |
Paging/Continuation | Yes – Return users and groups page by page. Page continuation happens automatically in the back end. |
Server side sorting | Yes (Required) - Server Side Sorting (SSS) must be enabled. This is because FileNet® P8 components call on Content Platform Engine to perform searches using a sorted paging mechanism. Note that SSS is normally enabled by default but is sometimes disabled due to concerns with performance. |
Windows NT domains (versions 4.0 and earlier). | No |
Group search returns Domain Local Groups | Yes |
LDAP attributes to read in a group entry when resolving member users and member groups | member |
Look up previous user and group SID (objectSID) value in ACLs | Yes – if sIDHistory is maintained |