The following is the full list of the options you can configure in the connection string for this provider.

The authentication mechanism to be used when connecting to the Active Directory server.

string

"SIMPLE"

By default, AuthMechanism is SIMPLE, and default plaintext authentication is used to log in to the server. If AuthMechanism is set to DIGESTMD5, the more secure DIGEST-MD5 authentication is used. If AuthMechanism is set to NEGOTIATE, NTLM/Negotiate authentication will be used.

The base portion of the distinguished name, used for limiting results to specific subtrees.

string

""

Specifying a base DN may greatly improve performance when returning entries for large servers by limiting the number of entries that need to be examined.

A password used to authenticate to a proxy-based firewall.

string

""

This property is passed to the proxy specified by FirewallServer and FirewallPort, following the authentication method specified by FirewallType.

The TCP port for a proxy-based firewall.

string

""

This specifies the TCP port for a proxy allowing traversal of a firewall. Use FirewallServer to specify the name or IP address. Specify the protocol with FirewallType.

The name or IP address of a proxy-based firewall.

string

""

This property specifies the IP address, DNS name, or host name of a proxy allowing traversal of a firewall. The protocol is specified by FirewallType: Use FirewallServer with this property to connect through SOCKS or do tunneling.

The protocol used by a proxy-based firewall.

string

"NONE"

This property specifies the protocol that the adapter will use to tunnel traffic through the FirewallServer proxy.

The user name to use to authenticate with a proxy-based firewall.

string

""

The FirewallUser and FirewallPassword properties are used to authenticate against the proxy specified in FirewallServer and FirewallPort, following the authentication method specified in FirewallType.

Whether or not to follow referrals returned by the Active Directory server.

bool

false

When following referrals, you will only be able to return data from the referral servers. INSERT/UPDATE/DELETE will not be available without updating the connection string to connect directly to that server.

Whether to return GUID attribute values in a human readable format.

bool

false

When inspecting object attributes this setting determines whether GUID attributes such as "objectGUID" are returned as binary objects or converted into a human readable string such as "708d9374-d64a-49b2-97ea-489ddc717703". When set to True a friendly string value is returned. When set to False (default) a base 64 encoded string of the binary object is returned.

Whether to return SID attribute values in a human readable format.

bool

false

When inspecting object attributes this setting determines whether SID attributes such as "objectSid" are returned as binary objects or converted into a human readable string such as "S-1-5-21-4272240814-246508344-1325542772-12464". When set to True a friendly string value is returned. When set to False (default) a base 64 encoded string of the binary object is returned.

The LDAP version used to connect to and communicate with the server.

string

"2"

Valid options are 2 and 3 for LDAP versions 2 and 3.

A path to the directory that contains the schema files defining tables, views, and stored procedures.

string

""

The path to a directory which contains the schema files for the adapter (.rsd files for tables and views, .rsb files for stored procedures). The Location property is only needed if you would like to customize definitions (e.g., change a column name, ignore a column, etc.) or extend the data model with new tables, views, or stored procedures.

The schema files are deployed alongside the adapter assemblies. You must also ensure that Location points to the folder that contains the schema files. The folder location can be a relative path from the location of the executable.

Core modules to be included in the log file.

string

""

Only the modules specified (separated by ';') will be included in the log file. By default all modules are included.

Limits the number of rows returned rows when no aggregation or group by is used in the query. This helps avoid performance issues at design time.

int

-1

Limits the number of rows returned rows when no aggregation or group by is used in the query. This helps avoid performance issues at design time.

The other parameters necessary to connect to a data source, such as username and password, when applicable.

string

""

The Other property is a semicolon-separated list of name-value pairs used in connection parameters specific to a data source.

The password for the distinguished name of the specified user.

string

""

Together with User, this field is used to authenticate against the Active Directory server.

The port the Active Directory server is running on.

string

"389"

The port the Active Directory server is running on. Together with Server, this property is used to specify the Active Directory server.

You can use this property to enforce read-only access to ActiveDirectory from the provider.

bool

false

If this property is set to true, the adapter will allow only SELECT queries. INSERT, UPDATE, DELETE, and stored procedure queries will cause an error to be thrown.

Whether to limit the scope of the search to the whole subtree (BaseDN and all of its descendants), a single level (BaseDN and its direct descendants), or the base object (BaseDN only).

string

"WHOLESUBTREE"

Whether to limit the scope of the search to the whole subtree (BaseDN and all of its descendants), a single level (BaseDN and its direct descendants), or the base object (BaseDN only). Limiting scope can greatly improve the search performance.

WholeSubtree

SingleLevel

BaseObject

The domain name or IP of the Active Directory server.

string

""

Note: This does not need to include the LDAP:\\ portion, only the server domain name or IP.

The certificate to be accepted from the server when connecting using TLS/SSL.

string

""

If using a TLS/SSL connection, this property can be used to specify the TLS/SSL certificate to be accepted from the server. Any other certificate that is not trusted by the machine will be rejected.

This property can take the forms:

If not specified, any certificate trusted by the machine will be accepted. Use '*' to signify to accept all certificates (not recommended for security concerns).

The value in seconds until the timeout error is thrown, canceling the operation.

string

"60"

If the Timeout property is set to 0, operations do not time out: They run until they complete successfully or encounter an error condition.

If Timeout expires and the operation is not yet complete, the adapter throws an exception.

The distinguished name of a user.

string

""

Together with Password, this field is used to authenticate against the Active Directory server.

Whether or not to use SSL to connect to the server.

bool

false

Whether or not to use SSL to connect to the server. Note that a port of 636 will always use SSL.