LDAP Requirements

This section lists the requirements that SilhouetteCentral has for the LDAP server it connects to.

Organizational Units

The Silhouette LDAP interface for Active Directory expects all the groups that it is going to import to be contained within a single Organizational Unit (OU), henceforth referred to as the Silhouette Root OU. The suggested name for this OU is “Silhouette”, e.g.

Note: Unlike the example above, the Silhouette Root OU does not have to be a top level OU.

Security Groups

Within the Silhouette Root OU, create one or more Security Groups. These groups should be directly under the Silhouette Root OU. SilhouetteCentral will not scan any child OUs of the Silhouette Root OU searching for groups.

Each of the created Security Groups will have a matching group created within SilhouetteCentral. Once the Security Groups are created, add users to them as required. The users should already exist in your AD structure (probably under the global Users Container). Each of these users will be imported into SilhouetteCentral and assigned to the matching SilhouetteCentral group.

Note: Users can only belong to a single group in SilhouetteCentral. Various LDAP servers, however, allow you to add the same user to many groups. Inside Silhouette, such a user will only be assigned to the first group the Silhouette import tool finds. To avoid any confusion, ensure that each user is assigned to only a single Security Group inside Active Directory.
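
The two conditions described above (groups must sit directly under the Silhouette Root OU, and each user should be in only one of them) can be checked before an import. The script below is an added example, not part of the Silhouette product or its documentation. It assumes the ActiveDirectory PowerShell module (RSAT) is installed, and the OU distinguished name is a placeholder.

```powershell
# Added example: audit the Silhouette Root OU before running an import.
# Assumption: RSAT ActiveDirectory module is available; $RootOu is a placeholder.
Import-Module ActiveDirectory

$RootOu = 'OU=Silhouette,DC=example,DC=com'   # placeholder: your Silhouette Root OU
$filter = 'GroupCategory -eq "Security"'

# Security Groups directly under the root OU: the only ones that are imported.
$direct = @(Get-ADGroup -SearchBase $RootOu -SearchScope OneLevel -Filter $filter)

# Security Groups in child OUs: present in AD, but not scanned by the import.
$all     = @(Get-ADGroup -SearchBase $RootOu -SearchScope Subtree -Filter $filter)
$ignored = @($all | Where-Object {
    $direct.DistinguishedName -notcontains $_.DistinguishedName
})

# Build user DN -> list of direct groups. Only direct user members are counted;
# nested groups are not expanded because the page does not describe them.
$membership = @{}
foreach ($group in $direct) {
    Get-ADGroupMember -Identity $group |
        Where-Object { $_.objectClass -eq 'user' } |
        ForEach-Object {
            $dn = $_.DistinguishedName
            if (-not $membership.ContainsKey($dn)) { $membership[$dn] = @() }
            $membership[$dn] += $group.Name
        }
}

# Users in more than one group: their SilhouetteCentral group would depend on
# which group the import tool finds first.
$ambiguous = @($membership.GetEnumerator() | Where-Object { $_.Value.Count -gt 1 })

foreach ($g in $ignored) {
    Write-Warning "Group in child OU will not be imported: $($g.DistinguishedName)"
}
foreach ($u in $ambiguous) {
    Write-Warning "User in multiple groups: $($u.Key) -> $($u.Value -join ', ')"
}
if ($ignored.Count -eq 0 -and $ambiguous.Count -eq 0) {
    Write-Output "OK: $($direct.Count) group(s), $($membership.Count) user(s), no conflicts."
}
```

The script only reads from the directory, so it can be run under an account with read access to the Silhouette Root OU.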

 

Setting up Central for single sign-on

If either "Automatic sign-on only" or "Automatic and manual sign-on" is the selected authentication mode in LDAP integration, some changes need to be made in IIS in order for this functionality to work correctly.