Using nevisDataPorter with an Active Directory
When using an Active Directory data sink, the user you are connecting with (i.e., the username parameter of the associated LDAPConnectionPool) needs to have full control over the object referenced by the basedn parameter.
For instance, to delegate control of an organizational unit in an Active Directory for Windows 2003, you will have to perform the following steps:
- Open the Active Directory Users and Computers MMC Snap-In.
- Select the organizational unit, right-click it, and select Delegate Control.
- Add the user (which can be a regular domain user) to the list of selected users.
- Select Create a custom task to delegate and click Next.
- Choose This folder, existing objects in this folder, and creation of new objects in this folder and click Next.
- Choose Full Control from the Permissions selection box and click Next.
- Complete the wizard by clicking Finish.
To be able to perform the desired write operations to the Active Directory, the LDAP connection needs to be secured with SSL/TLS. To enable LDAPS access on Port 636 of your Active Directory, add a corresponding X.509 server certificate to the Active Directory.