Support matrix (Active Directory)
Use this support matrix as a quick lookup of supported directory features.
Table of Active Directory
features that are identified as being supported or not supported by Content Platform Engine.
| Active Directory Features | Supported By Content Platform Engine |
|---|---|
| One-way SSL | Yes |
| Two-way SSL | No |
| Universal Groups | Yes |
| Security Groups | Yes |
| Distribution Groups | Yes |
| Nested Groups | Yes |
| Builtin Groups | No |
| Users and groups belonging to custom Active Directory objects | Yes |
| Supported User type (objectClass) | user |
| Supported Static Group types (objectClass) | group |
| Follow referrals for Search (for User/Group retrieval) | No |
| Roles | No |
| Directory aliases | No |
| Native Mode Active Directory | Yes |
| Mixed Mode Active Directory | Yes - No support for NT4. |
| Restrict to single realm | Yes - By configuring just one realm. |
| Support multiple realms and domains | Yes |
| Support multiple forests | Yes |
| Support users and groups migrate from domain to domain within a forest | No |
| Support domains across multiple forests | Yes |
| Configurable user short name attribute | Yes. Because the short name does not contain realm information, short names must be unique across all your configured domains and realms. |
| Configurable group short name attribute | Yes. Because the short name does not contain realm information, short names must be unique across all your configured domains and realms. |
| Configurable user display name attribute | Y |
| Configurable group display name attribute | Y |
| Configurable principal Name - Boolean flag | Yes If true: shortname@authentication.domain If false: full DN |
| DNS Site | Yes – Resolve domain controllers in a given DNS site. |
| Multiple authenticating attributes support | Yes – Can authenticate against the same Active Directory server using multiple attributes, such as samAccountName, userPrincipalName, or distinguishedName. See Configure multiple authenticating attributes. |
| Use userPrincipalName (UPN) or email as shortname | Yes - for user short name. See Configure
Content Platform Engine to use UPN or email for login. Do not use email for group short name |
| Sorting | Yes – Return users and groups in sorted order: either ascending or descending order. |
| Paging/Continuation | Yes – Return users and groups page by page. Page continuation happens automatically in the back end. |
| Server side sorting | Yes (Required) - Server Side Sorting (SSS) must be enabled. This is because FileNet® P8 components call on Content Platform Engine to perform searches using a sorted paging mechanism. Note that SSS is normally enabled by default but is sometimes disabled due to concerns with performance. |
| Windows NT domains (versions 4.0 and earlier). | No |
| Group search returns Domain Local Groups | Yes |
| LDAP attributes to read in a group entry when resolving member users and member groups | member |
| Look up previous user and group SID (objectSID) value in ACLs | Yes – if sIDHistory is maintained |