THIS IS ARCHIVED DOCUMENTATION

Understanding the AddActiveDirectoryIdentity Pipeline Processor

This is for:

Developer System Administrator

On-Premises only

When using Sitecore to host an intranet, it can be very useful to use the Sitecore Active Directory (AD) module. It allows you to grant Sitecore permissions to Active Directory users just like with regular Sitecore users. In this kind of use case, chances are that you will want to search for documents secured with Active Directory directly from Sitecore. This is where the AddActiveDirectoryIdentity processor comes in.

The AddActiveDirectoryIdentity processor provides a way to map a Sitecore domain to an Active Directory domain. When used with the Sitecore Active Directory module, you can retrieve, with minimal configuration, the external documents secured with Active Directory permissions.

The Coveo.SearchProvider.Rest.config file comes with a preconfigured example of the processor.

<!-- This processor maps Sitecore users to Active Directory users by following a domain mapping. -->
<!--
<processor type="Coveo.SearchProvider.Rest.Processors.GetSearchUserIdentities.AddActiveDirectoryIdentity, Coveo.SearchProvider.Rest">
  <domainMappings hint="raw:AddDomainMapping">
    <domainMapping sitecoreDomain="ad" adDomain="acme.corp.com" />
  </domainMappings>
</processor>
-->
  1. The sitecoreDomain attribute represents the domain name as configured in the Sitecore membership provider. The prefix ad is often used in the Sitecore documentation as an example.
  2. The adDomain attribute represents the real Active Directory domain name. Replace acme.corp.com with your own Active Directory domain name.
  3. Copy the <processor> element to your Coveo.SearchProvider.Rest.Custom.config file and uncomment it to activate the pipeline processor.

When active, the processor will take the current Sitecore user (ad\myUser) and will inject it the Active Directory user (acme.corp.com\myUser). The usernames must be the same in Sitecore and Active Directory. Otherwise, the processor won’t be able to provide a working user identity.