AD Kit Configuration Parameters

We've compiled a complete list of all the configuration parameters in the directory_service.ini, auth_policies.ini, and trusted_forests.ini files. The value is what you'll enter in the .ini file, and the description tells you how each value impacts the way AD Kit runs.

directory_service.ini

Key

Value

Description

General Parameters

action_list

extract_users

Extracts users from your directory service to a TSV formatted file. Used for configuration and testing purposes.

sync_users

One-way syncing of users from your AD/OpenLDAP to your Egnyte domain. Extracts, adds, and updates your users.

Note: When using this action, the allow_create key must be set to true.

add_users

Reads user data from TSV formatted file, then adds users to your domain in Egnyte.

update_users

Updates user attributes (such as first/last name) in your Egnyte domain.

list_users

List of all users from your Egnyte domain.

extract_groups

Extract groups from your directory service to a TSV formatted file. Used for configuration and testing purposes.

sync_groups

One-way syncing of groups and users from your AD/OpenLDAP to your Egnyte domain. Extracts, adds, and updates your groups and users.

Note: When using this action, the allow_create key must be set to true.

add_groups

Reads group data from a TSV formatted file, then adds groups to your Egnyte domain.

update_groups

Updates group attributes in your Egnyte domain.

list_groups

List all groups from your Egnyte domain.

add_auth_policy

Add an authentication policy to your Egnyte domain.

list_auth_policy

Lists the configured auth policies defined by the auth_policies.ini file.

allow_create

false

Default is false. This key allows the adding of new users or groups to Egnyte during sync_users and sync_groups actions.

true

If set to true, allows users and groups to be created and modified by AD Kit in your Egnyte domain.

allow_delete

false

Default is false. This key allows the deleting of users or groups from Egnyte during sync_users and sync_groups actions.

true

If set to true, then users and groups can either be disabled or deleted by AD Kit in your Egnyte domain.

delete_disabled_users

false

If set to false, AD Kit will not be able to delete disabled users from Egnyte. This is the recommended setting.

true

If set to true, AD Kit will be able to delete disabled users from Egnyte that are managed by AD Kit.

send_invitation_email

false

An invitation email will not be sent out unless Egnyte is chosen as the authentication method (see default_auth_type).

true

An invitation email will be sent out as a random user or the designated user (see token_type).

Note: This configuration parameter only works with SSO and AD authenticated users.

seed_file

data.tsv

Output file that is created when extract_users or extract_groups is run. It is best to review this file to ensure that the correct users are added.

Egnyte Parameters

egnyte_domain

 

Your domain name in Egnyte. If your domain name is acme.egnyte.com, only acme is needed.

token_type

domain_token

Designates that AD Kit will authenticate using a general domain token.

If send_invitation_email is set to true, the invitation email will come from the user designated here.

user_token

Designates that AD Kit will authenticate using a specific user's token.

If send_invitation_email is set to true, the invitation email will come from a random user.

client_m_verison

Authentication key from Egnyte

If token_type was set to domain_token, paste in the Authentication key that was generated when you activated Active Directory in the Application settings.

user_client_m_verison

Personal authentication key from Egnyte

If token_type was set to user_token, paste in the Personal authentication key that was generated when you activated Active Directory in the Application settings.

email_suffix

 

Allows you to specify the suffix of the email address that goes after the username.

default_user_role

power

All users will be set up as Power Users in Egnyte.

It’s recommended to use power and then manually change any users to admin as needed since only one user type can be provisioned by AD Kit.

admin

All users will be set as Admin Users in Egnyte.

default_power_user_role

Name of specified Role in Egnyte

All users will be provisioned with this role. Not recommended.

target_host

egnyte.com

Should always be Egnyte.com.

Note: If your Egnyte domain utilizes a custom URL, you will enter that URL here.

group_mapping

inherit

Default. All users within all subgroups will be added. Separate groups for each subgroup will be created.

noinherit

Subgroups will be ignored and only users explicitly listed as group members will be added.

flatten

All users within all subgroups will be added. Separate groups for each subgroup will NOT be created.

default_auth_type

ad

Authentication using Microsoft Active Directory. Recommended & default.

sso

Authentication using external ID providers like Okta.

egnyte

Authentication using Egnyte username and password.

LDAP Parameters

service_type

AD

Active Directory. Default option.

OL

OpenLDAP.

host

 

Internal IP address or the fully qualified domain name of the directory service host. If you are running this from inside your firewall, it will be the internal IP of the directory service host.

port

389

LDAP (non-encrypted)

636

LDAPS (encrypted)

3268

GC (non-encrypted)

Note: GC or GCS are used if there are multiple AD domains in the forest available from the Global Catalog.

3269

GCS (encrypted)

Note: GC or GCS are used if there are multiple AD domains in the forest available from the Global Catalog.

secure

false

Use false when using LDAP or GC.

true

Use true when using LDAPS or GCS.

Note: When secure=true the port is assumed to be 636 or 3269.

bind_dn

 

Bind DN (user) used to bind to your Active Directory. It is recommended that you use the userPrincipalName for a given user for this value.

Note: This user does not need to be a domain admin account.

base_dn

 

Base DN in your directory service from where to search.

Example: base_dn=dc=acme,dc=com if base DN is acme.com

ou_inclusion_filter

 

Define specific OUs to be included in the action list.

user_inclusion_by_ou_filter

 

Define specific OU to pull all users from. Use a comma to dig down the OU structure and use a semicolon to include additional OUs.

group_inclusion_by_ou_filter

 

Define specific OU to pull all groups from. Use a comma to dig down the OU structure and use a semicolon to include additional OUs.

Example: To pull users from qa.egnytead.com, us.sales.egnytead.com, and europe.sales.egnytead.com, enter the following: OU=qa;OU=europe,OU=sales;OU=us,OU=sales

user_inclusion_by_group_filter

 

Only users within the specified security group(s) will be added. The value should be the name of the group(s).

Example: user_inclusion_by_group_filter=finance,legal

import_dist_groups

 

By default, only AD security groups are imported. Setting this key to true allows the import of all groups.

group_exclusion_filter

 

Define specific groups to exclude from the action list.

Example: group_exclusion_filter=finance,legal

group_search_filter

 

If using universal groups in the directory service, uncomment the group_search_filter to include universal and global groups. The syntax for this value is the standard LDAP filter syntax.

trusted_forests_file

 

Name of trusted forests’ controller configuration file.
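An added example, not part of the original page or of AD Kit itself: a small Python check that reads a directory_service.ini (or trusted_forests.ini, where the keys overlap) and flags the settings the tables above call out, such as non-encrypted ports, a secure/port mismatch, deletion switches, and a password left in plaintext. It assumes plain key=value lines, optionally under [section] headers, and a comma-separated action_list; the sample file is constructed.

```python
import configparser

TLS_PORTS = {"636", "3269"}                 # LDAPS / GCS rows of the port table
SYNC_ACTIONS = {"sync_users", "sync_groups"}

def load_ini(text):
    """Parse key=value text, with or without [section] headers (assumption)."""
    cp = configparser.ConfigParser(interpolation=None, strict=False, delimiters=("=",))
    cp.read_string("[_top]\n" + text)       # dummy header so section-less files parse
    merged = {}
    for section in cp.sections():
        merged.update({k: v.strip() for k, v in cp.items(section)})
    return merged

def audit(text):
    """Return (key, finding) tuples for settings that deserve review."""
    c = load_ini(text)
    def is_true(key):
        return c.get(key, "false").lower() == "true"
    findings = []
    port, secure = c.get("port", ""), is_true("secure")
    if not secure:
        findings.append(("secure", "LDAP/GC connection is not encrypted"))
    if port and (port in TLS_PORTS) != secure:
        findings.append(("port", f"port {port} does not match secure={str(secure).lower()}"))
    # Assumption: multiple actions are comma-separated.
    actions = {a.strip() for a in c.get("action_list", "").split(",")}
    if actions & SYNC_ACTIONS and not is_true("allow_create"):
        findings.append(("allow_create", "sync actions require allow_create=true"))
    if is_true("allow_delete"):
        findings.append(("allow_delete", "sync can disable or delete users and groups"))
    if is_true("delete_disabled_users"):
        findings.append(("delete_disabled_users", "recommended setting is false"))
    if c.get("default_user_role", "").lower() == "admin":
        findings.append(("default_user_role", "every provisioned user becomes an Admin"))
    if c.get("password"):
        findings.append(("password", "plaintext password still present in the file"))
    return findings

# Constructed sample configuration, not taken from a real deployment.
SAMPLE = """\
action_list=sync_users
allow_delete=true
delete_disabled_users=true
default_user_role=admin
port=389
secure=false
base_dn=dc=acme,dc=com
"""

if __name__ == "__main__":
    for key, msg in audit(SAMPLE):
        print(f"{key}: {msg}")
```

Running it before each scheduled sync, and after the first run that should have cleared the password key, gives a quick record of which risky switches are enabled.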

 

auth_policies.ini

Advanced Settings

Key

Value

Description

ldapURL

 

External URL of the LDAP server.

bindDN

 

Domain Name of child domain.

baseDN

 

Base Domain name.

searchFilter

 

Search filter of child domain.

serviceType

 

Service Type EXTERNAL_ADS or EXTERNAL_LDAP.

 

trusted_forests.ini

Note: Described parameters must be set for each trusted forest.

Advanced Settings

Key

Value

Description

host

 

IP address of the directory service host for the trusted forest.

port

3268

GC (non-encrypted)

Note: GC or GCS are used if there are multiple AD domains in the forest available from the Global Catalog.

3269

GCS (encrypted)

Note: GC or GCS are used if there are multiple AD domains in the forest available from the Global Catalog.

secure

false

Use false when using GC.

true

Use true when using GCS.

Note: When secure=true the port is assumed to be 3269.

bind_dn

 

Bind DN (user) used to bind to your Active Directory.

Note: This user does not need to be a domain admin account.

base_dn

 

Base DN in your directory service from where to search.

Example: base_dn=dc=acme,dc=com if base DN is acme.com

password

 

Password for the bind_dn user.

Note: When first running AD Kit, the password is encrypted and stored in the encrypted_password key, after which the password parameter is cleared.

encrypted_password

 

Encrypted version of the password. This parameter is automatically populated after setting the password parameter and running AD Kit.
