The BoKS AD Bridge feature can be used to synchronize user information between Microsoft Active Directory and a BoKS domain. A number of utility commands are used to set up and maintain the connectivity between AD and BoKS. The actual synchronization is performed using the adsync utility command.

Here's the list of LDAP attributes requested from AD by BoKS adsync.

Reference Information

| Attribute | Description |
|---|---|
| dn | Distinguished Name. Stored and associated with the user in BoKS. |
| member | The list of users that belong to the group. |
| objectClass | The list of classes from which this class is derived. |
| uid | A user ID. This attribute is the base for the login name for Unix type users in BoKS (RFC 2307). |
| uidNumber | The Unix UID number (RFC 2307). |
| gidNumber | The Unix GID number (RFC 2307). |
| gecos | User comment, e.g. full user name (RFC 2307). |
| unixHomeDirectory | Home directory (RFC 2307). |
| loginshell | Shell program (RFC 2307). |
| accountExpires | The date when the account expires. |
| userAccountControl | Flags (bit mask) that control the behavior of the user account. The second bit (userAccountControl & 2) controls if the account is enabled or disabled. |
| userPrincipalName | An Internet-style login name for a user based on the Internet standard RFC 822. Required by Kerberos. Stored and associated with the user in BoKS. |
| samAccountName | The logon name used to support clients and servers running earlier versions of the Windows operating system, such as Windows NT 4.0, Windows 95, Windows 98, and LAN Manager. This is the login name registered for Windows type users in BoKS. |
| objectSid | A binary value that specifies the security identifier (SID) of the user. The SID is a unique value used to identify the user as a security principal. |
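
Three of these attributes arrive from AD in encoded form: the userAccountControl bit mask, accountExpires as a tick count, and objectSid as binary. The Python below is an added example for auditing what a directory entry says about an account; it is not code from BoKS or adsync. The function names and the sample entry are constructed for illustration, and the decoding follows the standard AD encodings of these attributes.

```python
import struct
from datetime import datetime, timedelta, timezone

ACCOUNTDISABLE = 0x2                      # the (userAccountControl & 2) bit
NEVER = (0, 0x7FFFFFFFFFFFFFFF)           # AD stores "never expires" as either value
EPOCH_1601 = datetime(1601, 1, 1, tzinfo=timezone.utc)

def is_disabled(uac):
    return bool(int(uac) & ACCOUNTDISABLE)

def expiry(account_expires):
    """accountExpires counts 100 ns intervals since 1601-01-01 UTC."""
    ticks = int(account_expires)
    if ticks in NEVER:
        return None
    return EPOCH_1601 + timedelta(microseconds=ticks // 10)

def sid_to_str(raw):
    """Binary SID: revision, sub-authority count, 48-bit big-endian
    authority, then `count` little-endian 32-bit sub-authorities."""
    if len(raw) < 8 or len(raw) != 8 + 4 * raw[1]:
        raise ValueError("malformed objectSid")
    authority = int.from_bytes(raw[2:8], "big")
    subs = struct.unpack("<%dI" % raw[1], raw[8:])
    return "-".join(["S", str(raw[0]), str(authority), *map(str, subs)])

def summarize(entry, now):
    exp = expiry(entry["accountExpires"])
    return {
        "login": entry["samAccountName"],
        "sid": sid_to_str(entry["objectSid"]),
        "disabled": is_disabled(entry["userAccountControl"]),
        "expired": exp is not None and exp <= now,
    }

# Constructed sample entry (not real directory data); LDAP returns strings/bytes.
SAMPLE = {
    "samAccountName": "jdoe",
    "userAccountControl": "514",               # 512 (normal account) + 2
    "accountExpires": "131907744000000000",    # 2019-01-01 00:00:00 UTC
    "objectSid": bytes([1, 5]) + (5).to_bytes(6, "big")
                 + struct.pack("<5I", 21, 1111111111, 2222222222, 3333333333, 1105),
}

if __name__ == "__main__":
    print(summarize(SAMPLE, datetime.now(timezone.utc)))
```

An account can be enabled in userAccountControl and still be unusable because accountExpires has passed, so an audit should check both fields.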

Last Modified On: December 19, 2018