{"id":6728,"date":"2018-01-26T01:11:37","date_gmt":"2018-01-25T16:11:37","guid":{"rendered":"https:\/\/chat-messenger.com\/?p=6728"},"modified":"2026-03-22T01:44:46","modified_gmt":"2026-03-21T16:44:46","slug":"active-directory-ldap","status":"publish","type":"post","link":"https:\/\/chat-messenger.com\/en\/manual\/camserver\/active-directory-ldap","title":{"rendered":"Active Directory Linkage"},"content":{"rendered":"<h2>Active Directory Linkage Overview<\/h2>\n\n\n\n<p>On-premise CAMServer Enterprise makes ID authentication very easy by providing Active Directory linkage. The following can be achieved<\/p>\n\n\n\n<ul><li><a href=\"https:\/\/chat-messenger.com\/en\/manual\/install_verup\/cam-webapp\/\">Web App Version<\/a>Active Directory Authentication ID is initially displayed during login authentication when using<\/li><li>Passwordless authentication and OS passwords can be used for ID authentication.<\/li><li>CAMServer uses Active Directory's LDAP protocol to determine if identity authentication is successful.<\/li><\/ul>\n\n\n\n<h2>Active Directory ID Linkage<\/h2>\n\n\n\n<div class=\"wp-block-columns\">\n<div class=\"wp-block-column\">\n<figure class=\"wp-block-image size-full\"><img width=\"2961\" height=\"1327\" src=\"https:\/\/chat-messenger.com\/wp-content\/uploads\/2024\/03\/image-10.png\" alt=\"\" class=\"wp-image-10770\"\/><\/figure>\n<\/div>\n\n\n\n<div class=\"wp-block-column\">\n<p>When Active Directory ID Linkage is enabled, the login ID is automatically set if the user is Active Directory authenticated.<\/p>\n\n\n\n<p class=\"is-style-icon_announce\">The login ID can be set automatically by <a href=\"https:\/\/chat-messenger.com\/en\/manual\/install_verup\/cam-webapp\/\">Web App Version<\/a> only.<\/p>\n<\/div>\n<\/div>\n\n\n\n<h2>Authentication method<\/h2>\n\n\n\n<p class=\"is-style-icon_info\"><span class=\"swl-fz u-fz-s\">Before saving this setting, be sure to complete the LDAP settings first and perform &quot;Test LDAP Settings&quot;.<\/span><\/p>\n\n\n\n<div class=\"wp-block-columns\">\n<div class=\"wp-block-column\">\n<figure class=\"wp-block-image size-full\"><img width=\"3100\" height=\"1300\" src=\"https:\/\/chat-messenger.com\/wp-content\/uploads\/2024\/03\/image-11.png\" alt=\"\" class=\"wp-image-10772\"\/><\/figure>\n<\/div>\n\n\n\n<div class=\"wp-block-column\">\n<p>After enabling Active Directory ID linkage, you can optionally select &quot;Passwordless Authentication&quot; or &quot;OS Password Authentication&quot;.<\/p>\n\n\n\n\n\n\n\n\n<\/div>\n<\/div>\n\n\n\n<h3 id=\"ADPasswordless\">Passwordless Authentication<\/h3>\n\n\n\n<p>When you are logged in to AD, the information that can be obtained is encrypted and used as an authentication token, making it possible to log in to the service without a password.<span class=\"swl-marker mark_blue\">Before enabling this setting, you must configure the &quot;AD user to perform proxy authentication&quot; and &quot;Test LDAP settings&quot;.<\/span><\/p>\n\n\n\n<p class=\"is-style-icon_info\"><a href=\"https:\/\/chat-messenger.com\/en\/manual\/camserver\/windows-auth\/\">\u7d71\u5408Windows\u8a8d\u8a3c\u3067\u306eSSO<\/a> has the advantage in terms of security.<\/p>\n\n\n\n<p class=\"is-style-big_icon_caution\">interpoint (interword separation)<span class=\"swl-marker mark_orange\">If this setting is activated, access will only be available in the Web App version.<\/span><br>\u30fb\u8a2d\u5b9a\u30df\u30b9\u304c\u3042\u308b\u3068\u8ab0\u3082\u30ed\u30b0\u30a4\u30f3\u51fa\u6765\u306a\u304f\u306a\u308a\u307e\u3059\u304c\u3001CAMServer\/boot.ini \u30d5\u30a1\u30a4\u30eb\u306b cam.disableADPasswordless=true \u3092\u8a2d\u5b9a\u3057\u3001CAMServer \u3092\u8d77\u52d5\u3059\u308b\u3068\u300c\u30d1\u30b9\u30ef\u30fc\u30c9\u30ec\u30b9\u8a8d\u8a3c\u300d\u306e\u8a2d\u5b9a\u3092\u7121\u52b9\u5316\u3067\u304d\u307e\u3059\u3002\u7121\u52b9\u5316\u3057\u3066\u8d77\u52d5\u5f8c\u3001\u5404\u7a2e\u8a2d\u5b9a\u3092\u898b\u76f4\u3057\u5fc5\u305a\u300cLDAP\u8a2d\u5b9a\u306e\u30c6\u30b9\u30c8\u300d\u3092\u5b9f\u65bd\u5f8c\u306b\u300c\u30d1\u30b9\u30ef\u30fc\u30c9\u30ec\u30b9\u8a8d\u8a3c\u300d\u3092\u6709\u52b9\u5316\u3057\u3066\u304f\u3060\u3055\u3044\u3002\u6709\u52b9\u5316\u5f8c\u306f cam.disableADPasswordless \u3092cam.ini \u30d5\u30a1\u30a4\u30eb\u304b\u3089\u6d88\u3057\u3066\u304b\u3089\u3001CAMServer \u3092\u518d\u8d77\u52d5\u3057\u3066\u304f\u3060\u3055\u3044\u3002<\/p>\n\n\n\n<h3>OS Password Authentication<\/h3>\n\n\n\n<p>The OS password is used for user authentication.<\/p>\n\n\n\n<p>\u30e6\u30fc\u30b6\u3092\u65b0\u898f\u767b\u9332\u306e\u969b\u306f\u4eee\u306e\u9069\u5f53\u306a\u30d1\u30b9\u30ef\u30fc\u30c9\u3092\u8a2d\u5b9a\u3057\u767b\u9332\u3057\u3066\u304f\u3060\u3055\u3044\u3002\u300cOS\u30d1\u30b9\u30ef\u30fc\u30c9\u8a8d\u8a3c\u300d\u304c\u6210\u529f\u3057\u305f\u3089\u8a8d\u8a3cOK\u3068\u3057\u3001C&amp;M\u4e0a\u306e\u767b\u9332\u30d1\u30b9\u30ef\u30fc\u30c9\u3082\u4e0a\u66f8\u304d\u3057\u307e\u3059\u3002<\/p>\n\n\n\n<p class=\"is-style-icon_pen\">\u30fb\u300cOS\u30d1\u30b9\u30ef\u30fc\u30c9\u8a8d\u8a3c\u300d\u304c\u5931\u6557\u3057\u305f\u5834\u5408\u3067\u3082\u3001C&amp;M\u3078\u30e6\u30fc\u30b6\u767b\u9332\u6642\u306b\u30d1\u30b9\u30ef\u30fc\u30c9\u3092\u8a2d\u5b9a\u3057\u3001\u4e00\u81f4\u3059\u308b\u5834\u5408\u306f\u8a8d\u8a3cOK\u3068\u3057\u307e\u3059\u3002<br>\u30fb\u3053\u306e\u8a2d\u5b9a\u306f <a href=\"https:\/\/chat-messenger.com\/en\/manual\/camserver\/windows-auth\/\">\u7d71\u5408Windows\u8a8d\u8a3c\u3067\u306eSSO<\/a> \u3068\u306e\u4f75\u7528\u304c\u53ef\u80fd\u3067\u3059\u3002<\/p>\n\n\n\n<h2 id=\"LDAP-config\">LDAP Settings<\/h2>\n\n\n\n<figure class=\"wp-block-image size-full is-resized is-style-border\"><img src=\"https:\/\/chat-messenger.com\/wp-content\/uploads\/2026\/03\/image-11.png\" alt=\"\" class=\"wp-image-12763\" width=\"554\" height=\"209\"\/><\/figure>\n\n\n\n<h3>LDAPUrl<\/h3>\n\n\n\n<p>This is the URL for searching the ActiveDirectory server using LDAP. Specify the address and port in LDAPUrl as necessary. If blank, <code>ldap:\/\/localhost:389<\/code> You can access it via port 389, which is the default for ldap.<\/p>\n\n\n\n<p class=\"is-style-icon_pen\">SSL\u304c\u5fc5\u8981\u306a\u5834\u5408\u5834\u5408\u306f\u3001ldaps \u3067 <code>ldaps:\/\/&lt;FQDN&gt;:636<\/code> \u3068\u6307\u5b9a\u3057\u307e\u3059\u3002<\/p>\n\n\n\n<h3>LDAPBaseDN<\/h3>\n\n\n\n<p>LDAPBaseDN\u306f\u3001LDAP \u30b5\u30fc\u30d0\u306e\u30aa\u30d6\u30b8\u30a7\u30af\u30c8\u30c4\u30ea\u30fc\u4e0a\u3067\u3001\u30e6\u30fc\u30b6\u30fc\u3092\u691c\u7d22\u3059\u308b\u958b\u59cb\u4f4d\u7f6e\u3092\u6307\u5b9a\u3059\u308b\u5024\u3067\u3059\u3002\u6539\u884c\u533a\u5207\u308a\u3067\u8907\u6570\u6307\u5b9a\u3067\u304d\u307e\u3059\u3002<\/p>\n\n\n\n<p class=\"is-style-icon_announce\">CAMServer v4.60.17 \u4ee5\u964d\u306e\u30d0\u30fc\u30b8\u30e7\u30f3\u3067\u306f\u3001\u307b\u3068\u3093\u3069\u306e\u5834\u5408\u672a\u6307\u5b9a\u3067\u554f\u984c\u3042\u308a\u307e\u305b\u3093\u3002\u904e\u53bb\u306e\u30d0\u30fc\u30b8\u30e7\u30f3\u306f\u3001\u672a\u6307\u5b9a\u306e\u5834\u5408\u3001Users \u30b3\u30f3\u30c6\u30ca\uff08\u4f8bCN=Users,DC=camtest,DC=com\uff09\u306e\u307f\u81ea\u52d5\u3067\u8ffd\u52a0\u3059\u308b\u4ed5\u69d8\u3067\u3057\u305f\u3002<\/p>\n\n\n\n<h4>\u672a\u6307\u5b9a\u306e\u5834\u5408<\/h4>\n\n\n\n<p>\u672a\u6307\u5b9a\u306e\u5834\u5408\u3001\u30e6\u30fc\u30b6\u30fcID\u306e\u30c9\u30e1\u30a4\u30f3\u304b\u3089\u30c9\u30e1\u30a4\u30f3\u30eb\u30fc\u30c8\u306e BaseDN \u3092\u81ea\u52d5\u751f\u6210\u3057\u3001\u30c9\u30e1\u30a4\u30f3\u5168\u4f53\u3092\u691c\u7d22\u3057\u307e\u3059\u3002\u4f8b\u3048\u3070\u3001user1@camtest.com \u3068\u8a00\u3046\u30e6\u30fc\u30b6\u3092\u691c\u7d22\u3059\u308b\u5834\u5408\u306e LDAPBaseDN \u306f\u300cDC=camtest, DC=com\u300d\u3068\u306a\u308a\u307e\u3059\u3002<\/p>\n\n\n\n<div class=\"wp-block-columns\">\n<div class=\"wp-block-column\">\n<figure class=\"wp-block-image size-full is-resized is-style-border\"><img src=\"https:\/\/chat-messenger.com\/wp-content\/uploads\/2024\/04\/image-2.png\" alt=\"\" class=\"wp-image-10811\" width=\"290\" height=\"226\"\/><\/figure>\n<\/div>\n\n\n\n<div class=\"wp-block-column\">\n<figure class=\"wp-block-image size-full is-style-border\"><img width=\"1159\" height=\"605\" src=\"https:\/\/chat-messenger.com\/wp-content\/uploads\/2024\/04\/image-1.png\" alt=\"\" class=\"wp-image-10809\"\/><\/figure>\n<\/div>\n<\/div>\n\n\n\n<h4>\u6307\u5b9a\u3057\u305f\u5834\u5408<\/h4>\n\n\n\n<div class=\"wp-block-group\"><div class=\"wp-block-group__inner-container\">\n<p>\u7d44\u7e54\u5358\u4f4d\uff08OU\uff09\u306b\u30e6\u30fc\u30b6\u304c\u914d\u7f6e\u3055\u308c\u3066\u3044\u308b\u5834\u5408\u306f\u3001\u500b\u5225\u306b BaseDN \u3092\u6307\u5b9a\u3059\u308b\u4e8b\u3067\u691c\u7d22\u5bfe\u8c61\u3092\u7d5e\u308a\u8fbc\u3080\u904b\u7528\u304c\u53ef\u80fd\u3067\u3059\u3002\u4e0b\u56f3\u3067\u306f\u3001\u55b6\u696d\u90e8\u3001\u7d4c\u7406\u90e8\u306e\u7d44\u7e54\u5358\u4f4d\uff08OU\uff09\u3092\u691c\u7d22\u5bfe\u8c61\u3068\u3059\u308b\u8a2d\u5b9a\u3067\u3059\u3002<\/p>\n\n\n\n<div class=\"wp-block-columns\">\n<div class=\"wp-block-column\">\n<figure class=\"wp-block-image size-full is-resized is-style-border\"><img src=\"https:\/\/chat-messenger.com\/wp-content\/uploads\/2025\/05\/image-1.png\" alt=\"\" class=\"wp-image-11938\" width=\"467\" height=\"207\"\/><\/figure>\n<\/div>\n\n\n\n<div class=\"wp-block-column\">\n<p class=\"is-style-icon_pen\"><span class=\"swl-fz u-fz-s\">\u6307\u5b9a\u3057\u305f\u5834\u5408\u3067\u3082\u3001\u65e2\u5b9a\u306e Users \u30b3\u30f3\u30c6\u30ca\uff08CN=Users,DC=yourdomain,DC=com\uff09\u3082\u81ea\u52d5\u7684\u306b\u691c\u7d22\u5bfe\u8c61\u3078\u8ffd\u52a0\u3055\u308c\u307e\u3059\u3002<\/span><\/p>\n<\/div>\n<\/div>\n<\/div><\/div>\n\n\n\n<h3>Testing Delegated Authentication AD User and LDAP Settings<\/h3>\n\n\n\n<p>Windows\u7d71\u5408\u8a8d\u8a3c\u3067\u306eSSO\u3084\u30d1\u30b9\u30ef\u30fc\u30c9\u30ec\u30b9\u8a8d\u8a3c\u3092\u884c\u3046\u5834\u5408\u306f\u3001\u4ee3\u7406\u8a8d\u8a3c\u3092\u884c\u3046AD\u30e6\u30fc\u30b6\u3092\u8a2d\u5b9a\u3057\u300cLDAP\u8a2d\u5b9a\u306e\u30c6\u30b9\u30c8\u300d\u3092\u5b9f\u65bd\u3057\u3066\u304f\u3060\u3055\u3044\u3002<\/p>\n\n\n\n<p>In the above authentication process, an internal LDAP search is performed to verify whether the AD user performing proxy authentication is a legitimate AD user.<\/p>\n\n\n\n<h2 id=\"ADSync\">Active Directory synchronization settings<\/h2>\n\n\n\n<div class=\"wp-block-columns\">\n<div class=\"wp-block-column\">\n<figure class=\"wp-block-image size-full is-style-border\"><img width=\"1473\" height=\"618\" src=\"https:\/\/chat-messenger.com\/wp-content\/uploads\/2024\/03\/image-9.png\" alt=\"\" class=\"wp-image-10763\"\/><\/figure>\n<\/div>\n\n\n\n<div class=\"wp-block-column\">\n<p>When Active Directory synchronization settings are enabled, information will be retrieved from Active Directory at the specified time and user information in Chat&amp;Messenger will be updated.<\/p>\n\n\n\n<p>The information to be updated is below.<\/p>\n\n\n\n<ul><li>Username...AD displayName attribute<\/li><li>Group name...AD department attribute<\/li><li>Email\u30fb\u30fb\u30fbAD email attribute<\/li><\/ul>\n<\/div>\n<\/div>\n\n\n\n<h2>FAQ<\/h2>\n\n\n\n<h3>Can I create a user that does not exist in Active Directory?<\/h3>\n\n\n\n<p>If you do not select &quot;Passwordless&quot; as the authentication method, you can create an account on the Chat&amp;Messenger user management screen and log in even if the user does not exist in Active Directory.<\/p>\n\n\n\n<h3>Can I synchronize with Active Directory to automate user addition?<\/h3>\n\n\n\n<p>Currently, Chat&amp;Messenger does not automatically add or delete users based on Active Directory users. Therefore, even if Active Directory linkage is enabled, the administrator must create Chat&amp;Messenger users using the user registration screen on the management screen or by uploading CSV.<\/p>\n\n\n\n<figure class=\"wp-block-table\"><table><tbody><tr><td>\n<figure><img src=\"\/images\/user-admin-userinput.png\" border=\"0\"><\/figure><div class=\"card-img post_img\" style=\"width: 300px!important;\"><\/div>\n<\/td><td> <figure><img border=\"0\" src=\"\/images\/user-admin-csvupload.png\"><\/figure><div class=\"card-img post_img\" style=\"width: 300px!important;\">*CSV upload only adds\/changes Chat&amp;Messenger users and does not delete them. Please delete one item at a time from the management screen.<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<h3 id=\"Get-ADUser\">I want to get a list of Active Directory users and create a CSV.<\/h3>\n\n\n\n<p>You can obtain a list of Active Directory users using PowerShell&#039;s Get-ADUser. of this list <em>UserPrincipalName<\/em> Please create a CSV file using the User ID (work email address) on Chat&amp;Messenger.<\/p>\n\n\n\n<div class=\"hcb_wrap\" data-no-translation=\"\"><pre class=\"prism line-numbers lang-bash\" data-lang=\"Bash\"><code>&gt; Get-ADUser -Filter {objectClass -eq &quot;user&quot;} -Properties info\n\nDistinguishedName : CN=user1,CN=Users,DC=***,DC=com\nGivenName         : \u30e6\u30fc\u30b6\uff11\nName              : user1\nObjectClass       : user\nObjectGUID        : bf84cdab-2c21-44cf-aaca-afe493d97f2a\nSamAccountName    : user1\nSID               : S-1-5-21-3698402442-2374923176-*****-1104\nSurname           : \u30e6\u30fc\u30b6\uff11\nUserPrincipalName : user1@***.com\n\nDistinguishedName : CN=user2,CN=Users,DC=***,DC=com\nGivenName         : user2\nName              : user2\nObjectClass       : user\nObjectGUID        : 482450a4-482a-40ac-b89b-434605f45571\nSamAccountName    : user2\nSID               : S-1-5-21-3698402442-2374923176-*****-1105\nSurname           : \u30c6\u30b9\u30c8\nUserPrincipalName : user2@***.com\n\n# AD users \u306e\u30ea\u30b9\u30c8\u3092 CSV\u3067\u51fa\u529b\n&gt; $users = Get-ADUser -Filter {objectClass -eq &quot;user&quot;} -Properties UserPrincipalName, GivenName\n&gt; $selectedUsers = $users | Select-Object UserPrincipalName, GivenName\n&gt; $selectedUsers | Export-Csv -Path &quot;C:\\path\\to\\output\\users.csv&quot; -NoTypeInformation<\/code><\/pre><\/div>","protected":false},"excerpt":{"rendered":"<p>Active Directory Linkage Overview In on-premises CAMServer Enterprise, Ac [\u2026]<\/p>","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"swell_btn_cv_data":""},"categories":[17],"tags":[],"_links":{"self":[{"href":"https:\/\/chat-messenger.com\/en\/wp-json\/wp\/v2\/posts\/6728"}],"collection":[{"href":"https:\/\/chat-messenger.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/chat-messenger.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/chat-messenger.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/chat-messenger.com\/en\/wp-json\/wp\/v2\/comments?post=6728"}],"version-history":[{"count":9,"href":"https:\/\/chat-messenger.com\/en\/wp-json\/wp\/v2\/posts\/6728\/revisions"}],"predecessor-version":[{"id":12772,"href":"https:\/\/chat-messenger.com\/en\/wp-json\/wp\/v2\/posts\/6728\/revisions\/12772"}],"wp:attachment":[{"href":"https:\/\/chat-messenger.com\/en\/wp-json\/wp\/v2\/media?parent=6728"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/chat-messenger.com\/en\/wp-json\/wp\/v2\/categories?post=6728"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/chat-messenger.com\/en\/wp-json\/wp\/v2\/tags?post=6728"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}