Use this support matrix as a quick lookup of supported directory features.
| AD LDS Features | Supported by Content Platform Engine |
|---|---|
| One way SSL | Yes |
| Two way SSL | No |
| Static Groups / Security Groups | Yes |
| Nested Groups | Yes |
| Dynamic Groups | Not applicable |
| Universal Groups | Not applicable |
| Roles | No - Roles are not used by FileNet® P8 services and are not part of the LDAP standard. Do not confuse this Roles with the AD LDS Roles container which is just a container of groups. |
| Referrals for Logon | No |
| Referrals for Search (for User and Group retrieval) | No |
| Chaining | No |
| Directory aliases | No |
| Native Mode Active Directory | Not applicable |
| Mixed Mode Active Directory | Not applicable |
| Support multiple realms | Yes - Each realm corresponds to one AD LDS application partition. |
| Restrict to single realm | Yes - By configuring just one authentication provider and one directory configuration. |
| Support domains across multiple forests | Not applicable |
| Login to any W2k domain in the forest (implies 2-way trust) | Not applicable |
| Login to NT 1 way trust domains in the forest | Not applicable |
| Configurable user name for login | Yes - The short or common name does not contain realm information. Short names must be unique across all of your configured application partitions and realms. |
| Configurable user display name | Yes |
| Configurable group display name | Yes |
| Configurable group name for persisting | Yes - Group names are not persisted in the Content Platform Engine database, even though they are persisted in stored searches and workflow definitions. Because the short name does not contain realm information, short names must be unique across all your configured domains and realms. |
| Use email attribute as short name | Yes - for user short name Do not use email for group short name |
| Server side sorting | Yes (Required) - Server Side Sorting (SSS) must be enabled. This is because FileNet P8 components call on Content Platform Engine to perform searches using a sorted paging mechanism. Note that SSS is normally enabled by default but is sometimes disabled due to concerns with performance. |
| MaxTempTableSize | AD LDS descending sort property MaxTempTableSize has upper limit of 100,000. If the result set for descending sort is larger than the limit, AD LDS server returns LDAP error code 12. |
| Support AD LDS users (for login and Search) | Yes |
| Support use for login and search of userProxyFull class and objects such as the organizationalPerson class, with a static auxiliary class of msds-bindableObject | Yes |
| Support Windows (domain & local) users (login and Search) | No |
| Users in Application Partitions | Yes |
| Users in Configuration and Schema partitions | No - There is a patch from Microsoft that allows AD LDS users to reside in the Configuration partition. However, FileNet P8 does not support this. |
| LDAP attributes to read in a group entry when resolving member users and member groups | member |