Beginning with version 2.0.0, Orchid Fusion VMS offers multiple ways to sign in. By performing some configuration work on the front end, your Orchid Fusion VMS users will be able to sign in with their existing Active Directory credentials.
To configure Orchid Fusion VMS to work with Active Directory, you will need to have an Active Directory server that:
- Is reachable from your Orchid Fusion VMS server.
- Contains at least one Active Directory user who is a member of at least one Active Directory group.
Modifying the Configuration File
There are several properties in the Orchid Fusion VMS configuration file that will need to be modified in order for Active Directory authentication to work.
- Set the following properties in the Orchid Fusion VMS configuration file:
- authentication.active.directory.servers= <domain1>|ldap(s)://<domainServerAddress1>,<domain2>|ldap(s)://<domainServerAddress2>
- authentication.active.directory.admin.groups= <domain>\\<group> (Optional)
Here is an example enabling the domain malibu.beach with server address 192.168.105.46, and an Active Directory group called FusionAdmins that will be given administrator access in Orchid Fusion VMS.
- authentication.active.directory.admin.groups= malibu.beach\\FusionAdmins (Optional)
- After modifications to the configuration file are complete, restart the Orchid Fusion VMS service, then sign in to Orchid Fusion VMS.
Refer to the Add a Permission Group for Active Directory section of the Orchid Fusion VMS Administrator Guide for instructions on setting Active Directory groups.
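The following is an added example, not part of the Orchid Fusion VMS documentation or product. It checks the two properties above before the service restart and flags malformed entries, server entries that use plain ldap:// instead of ldaps:// (LDAP over TLS), and admin groups whose domain has no server entry. The sample values are constructed, and treating the admin groups value as a comma-separated list is an assumption.

```python
import re

# Property names come from the page; SAMPLE values are constructed for this demo.
SERVERS_KEY = "authentication.active.directory.servers"
ADMIN_KEY = "authentication.active.directory.admin.groups"
SAMPLE = r"""
authentication.active.directory.servers= malibu.beach|ldap://192.168.105.46
authentication.active.directory.admin.groups= malibu.beach\\FusionAdmins,venice.beach\\Ops
"""

def load_properties(text):
    """Parse key=value lines, skipping blank lines and # comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def split_list(value):
    return [item.strip() for item in value.split(",") if item.strip()]

def audit(text):
    """Return a list of findings for the two Active Directory properties."""
    props = load_properties(text)
    findings, domains = [], set()
    for entry in split_list(props.get(SERVERS_KEY, "")):
        m = re.fullmatch(r"([^|\s]+)\|\s*(ldaps?)://(\S+)", entry)
        if not m:
            findings.append(f"malformed server entry: {entry!r}")
            continue
        domain, scheme, address = m.groups()
        domains.add(domain.lower())
        if scheme == "ldap":
            findings.append(f"{domain}: ldap://{address} is plain LDAP; use ldaps:// (LDAP over TLS)")
    if not domains:
        findings.append(f"{SERVERS_KEY} has no usable entries")
    # Assumption: several admin groups are comma-separated, like the servers list.
    for group in split_list(props.get(ADMIN_KEY, "")):
        domain, sep, name = group.partition("\\\\")  # two backslashes, as written in the file
        if not sep or not name:
            findings.append(f"malformed admin group: {group!r}")
        elif domain.lower() not in domains:
            findings.append(f"admin group {name}: domain {domain} has no server entry")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)) or "no findings")
```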
If your administrator Active Directory user is unable to sign in, but you believe the mappings have been configured correctly, check the fusion.log file on the Orchid Fusion VMS server, found in one of the following locations:
- C:\Program Files\IPConfigure\Orchid Fusion VMS\logs\fusion.log (Windows)
- /var/logs/fusion/fusion.log (Linux)
During server startup, the list of configured Orchid Fusion VMS administrator Active Directory mappings is logged. Using the previous example, you would see a line in the file that looks like this:
14:33:46.804 [main] INFO c.i.f.i.Init03ActiveDirectoryAdminGroupsInitializer – Administrator active directory groups: malibu.beach| |FusionAdmins
Also, a failed sign-in attempt will show the list of Active Directory groups of which the user is a member. Using the previous example, you would see a line in the file that looks like this:
14:32:48.888 [XNIO-1 task-21] INFO c.i.f.u.a.ActiveDirectoryAuthenticator – Active directory user: firstname.lastname@example.org successfully authenticated with domain: malibu.beach server address: 192.168.105.46 but failed to authenticate with Fusion because the user is not a member of any active directory groups authorized by Fusion.
email@example.com is a member of active directory domain:
Fusion has authorized domain: malibu.beach groups: