> ## Documentation Index
> Fetch the complete documentation index at: https://doc.lucidworks.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Active Directory for ACLs V1

> The Active Directory Connector for ACLs indexes Access Control List (ACL) information so that it can be used by other connectors.

export const schema = {
  "type": "object",
  "title": "LDAP and Azure Acls Connector (v2)",
  "description": "The LDAP acls connector can crawl Active Directory, Azure Active Directory and OpenLDAP.",
  "required": ["id", "properties", "pipelineId"],
  "properties": {
    "properties": {
      "type": "object",
      "title": "Properties",
      "description": "Plugin specific properties.",
      "required": ["security", "ldapPort", "ldaps"],
      "properties": {
        "ldapHost": {
          "type": "string",
          "title": "LDAP host",
          "description": "LDAP host."
        },
        "ldapPort": {
          "type": "number",
          "title": "LDAP port",
          "description": "LDAP port.",
          "default": 389,
          "maximum": 2147483647,
          "exclusiveMaximum": false,
          "minimum": -2147483648,
          "exclusiveMinimum": false,
          "multipleOf": 1
        },
        "ldaps": {
          "type": "boolean",
          "title": "Enable SSL (LDAPS)",
          "description": "Use LDAPS to secure communication to the LDAP server.",
          "default": false
        },
        "loginUserPrincipal": {
          "type": "string",
          "title": "Login User Principal",
          "description": "The Crawl account user principal name of which to authenticate to LDAP."
        },
        "loginPassword": {
          "type": "string",
          "title": "Login Password",
          "description": "The Crawl account user password of which to authenticate to LDAP.",
          "hints": ["secret"]
        },
        "baseDn": {
          "type": "string",
          "title": "Base DN",
          "description": "Base DN."
        },
        "userSearchBaseDn": {
          "type": "string",
          "title": "User Search Base DN",
          "description": "User Search Base DN."
        },
        "groupSearchBaseDn": {
          "type": "string",
          "title": "Group Search Base DN",
          "description": "Group Search Base DN."
        },
        "userSearchFilter": {
          "type": "string",
          "title": "User Search Filter",
          "description": "User Search Filter.",
          "default": "(&(objectclass=user)(sAMAccountName=*))"
        },
        "groupSearchFilter": {
          "type": "string",
          "title": "Group Search Filter",
          "description": "Group Search Filter.",
          "default": "(&(objectclass=group))"
        },
        "adNetbiosDomain": {
          "type": "string",
          "title": "AD Netbios Domain",
          "description": "AD Netbios domain name."
        },
        "security": {
          "type": "object",
          "title": "Graph security filtering configuration",
          "required": [],
          "properties": {
            "enabled": {
              "type": "boolean",
              "title": "Enable security trimming",
              "description": "Enable query-time security-trimming",
              "default": true
            }
          },
          "interfaces": ["com.lucidworks.fusion.connector.plugin.api.config.security.GraphSecurityConfig$Properties", "com.lucidworks.fusion.connector.plugin.api.config.security.SecurityFilteringProperties"]
        },
        "additionalAttributes": {
          "type": "array",
          "title": "Additional LDAP Attributes",
          "description": "When fetching LDAP users, you can request additional attributes to be indexed as fields such as manager, mail, phonenumber, etc.",
          "items": {
            "type": "string"
          }
        },
        "azureProperties": {
          "type": "object",
          "title": "Azure AD Properties",
          "description": "Properties that should be set when want to crawl Azure AD instances for additional group definitions",
          "required": [],
          "properties": {
            "tenantId": {
              "type": "string",
              "title": "Azure AD Tenant ID",
              "description": "If crawling Azure AD instances, supply Azure Tenant ID. This is required when listing Azure Groups from Microsoft Graph API."
            },
            "clientId": {
              "type": "string",
              "title": "Azure AD Client ID",
              "description": "If crawling Azure AD instances, supply the Azure Application's Client ID. This is required when listing Azure Groups from Microsoft Graph API."
            },
            "clientSecret": {
              "type": "string",
              "title": "Azure AD Client Secret",
              "description": "If crawling Azure AD instances, supply the Azure Application's Client secret. This is required when listing Azure Groups from Microsoft Graph API.",
              "hints": ["secret"]
            },
            "ignoreSSLValidation": {
              "type": "boolean",
              "title": "Ignore SSL Validation",
              "description": "When crawling the Azure AD groups and users, ignore SSL validation.",
              "default": true
            },
            "proxyUrl": {
              "type": "string",
              "title": "Proxy URL",
              "description": "If crawling Azure AD instances, if you need to communicate through a proxy, specify the proxy url here. Format: host:port"
            },
            "proxyUsername": {
              "type": "string",
              "title": "Proxy Username",
              "description": "If crawling Azure AD instances, if you need to communicate through a proxy, specify the proxy username here"
            },
            "proxyPassword": {
              "type": "string",
              "title": "Proxy Password",
              "description": "If crawling Azure AD instances, if you need to communicate through a proxy, specify the proxy password here",
              "hints": ["secret"]
            },
            "onPremisesDomainMappings": {
              "type": "array",
              "title": "On Premises Domain Mappings",
              "description": "The onPremisesDomainName element used in the \"id\" of the azure-onprem-user by default will be a fqdn domain such as \"engineering.lucidworks.com\". Here you can specify a mapping to some other domain representation such as \"eng\". You should use this when the ACLs on your docs are in the form ShortDomain\\Username",
              "items": {
                "type": "object",
                "required": [],
                "properties": {
                  "onPremisesDomainName": {
                    "type": "string",
                    "title": "On premises domain name",
                    "description": "The full onPremisesDomainName as returned from MS Graph API. Will look something like: \"northwest.lucidworks.com\"",
                    "minLength": 1
                  },
                  "mapToDomainName": {
                    "type": "string",
                    "title": "Map to domain name",
                    "description": "What to replace this domain name with. For example, in your setup you have \"northwest.lucidworks.com\" but you want to use the netbios-style domain \"nw\". So in that case you would specify \"nw\" in this field.",
                    "minLength": 1
                  }
                },
                "interfaces": ["com.lucidworks.connector.plugins.ldapacls.config.OnPremisesDomainMapping"]
              }
            },
            "userBatchSize": {
              "type": "number",
              "title": "User Batch Size",
              "description": "This is the $top parameter sent ot the MS users endpoint, which is the number of users returned in each api call.",
              "default": 999,
              "maximum": 999,
              "exclusiveMaximum": false,
              "minimum": 1,
              "exclusiveMinimum": false,
              "multipleOf": 1
            },
            "groupBatchSize": {
              "type": "number",
              "title": "Group Batch Size",
              "description": "This is the $top parameter sent ot the MS groups endpoint, which is the number of groups returned in each api call.",
              "default": 999,
              "maximum": 999,
              "exclusiveMaximum": false,
              "minimum": 1,
              "exclusiveMinimum": false,
              "multipleOf": 1
            },
            "bearerTokenExpiryMs": {
              "type": "number",
              "title": "Bearer Token Expiry (ms)",
              "description": "In milliseconds, how long to re-use an authentication bearer token before obtaining a new one.",
              "default": 3600000,
              "maximum": 2147483647,
              "exclusiveMaximum": false,
              "minimum": 1,
              "exclusiveMinimum": false,
              "multipleOf": 1
            },
            "httpConnectionRequestTimeout": {
              "type": "number",
              "title": "HTTP Connection Pool Request Timeout (ms)",
              "description": "In milliseconds, time to wait for getting a connection from the connection manager/pool. (HttpClient maintains a connection pool to manage the connections. Similar to database connection pool).",
              "default": 60000,
              "hints": ["advanced"],
              "maximum": 2147483647,
              "exclusiveMaximum": false,
              "minimum": 1,
              "exclusiveMinimum": false,
              "multipleOf": 1
            },
            "httpSocketTimeout": {
              "type": "number",
              "title": "HTTP Socket Timeout (ms)",
              "description": "In milliseconds, max time gap between two consecutive data packets while transferring data from server to client.",
              "default": 60000,
              "hints": ["advanced"],
              "maximum": 2147483647,
              "exclusiveMaximum": false,
              "minimum": 1,
              "exclusiveMinimum": false,
              "multipleOf": 1
            },
            "httpConnectTimeout": {
              "type": "number",
              "title": "HTTP Connect Timeout (ms)",
              "description": "In milliseconds, max time to establish a connection with remote host/server.",
              "default": 30000,
              "hints": ["advanced"],
              "maximum": 2147483647,
              "exclusiveMaximum": false,
              "minimum": 1,
              "exclusiveMinimum": false,
              "multipleOf": 1
            }
          },
          "interfaces": ["com.lucidworks.connector.plugins.ldapacls.config.AzureAuthenticationConfig"]
        },
        "aclZkHosts": {
          "type": "string",
          "title": "ACL zk hosts string",
          "description": "ACL colleciton solr zk hosts string.",
          "hints": ["advanced"]
        },
        "aclZkChroot": {
          "type": "string",
          "title": "ACL zk chroot string",
          "description": "ACL colleciton solr zk hosts chroot string.",
          "hints": ["advanced"]
        },
        "fetchRetryProperties": {
          "type": "object",
          "title": "Retry Options",
          "description": "A set of options for configuring retry behavior.",
          "required": ["delayMs", "maxDelayTimeMs", "delayFactor"],
          "properties": {
            "maxRetries": {
              "type": "number",
              "title": "Maximum Retries",
              "description": "The retryer will retry failed operations in the case that they might succeed if attempted again. This parameter states the number of attempts to retry until giving up. This parameter, if specified, will override the \"Stop retrying after time (milliseconds)\" parameter.",
              "default": 3,
              "maximum": 100,
              "exclusiveMaximum": false,
              "minimum": 0,
              "exclusiveMinimum": false,
              "multipleOf": 1
            },
            "delayFactor": {
              "type": "number",
              "title": "Delay Factor",
              "description": "The retryer will retry failed operations in the case that they might succeed if attempted again. The retryer will sleep an exponential amount of time after the first failed attempt and retry in exponentially incrementing amounts after each failed attempt up to the maximumTime. nextWaitTime = exponentialIncrement * multiplier.",
              "default": 2,
              "maximum": 9999,
              "exclusiveMaximum": false,
              "minimum": 1,
              "exclusiveMinimum": false,
              "multipleOf": 1
            },
            "delayMs": {
              "type": "number",
              "title": "Retry Delay",
              "description": "Sets the delay between retries, exponentially backing off to the maxDelayTimeMs and multiplying successive delays by the delayFactor",
              "default": 1000,
              "maximum": 9223372036854776000,
              "exclusiveMaximum": false,
              "minimum": 1,
              "exclusiveMinimum": false,
              "multipleOf": 1
            },
            "maxDelayTimeMs": {
              "type": "number",
              "title": "Maximum Delay Time",
              "description": "The maximum time wait time between successive retries.",
              "default": 300000,
              "maximum": 600000,
              "exclusiveMaximum": false,
              "minimum": 1,
              "exclusiveMinimum": false,
              "multipleOf": 1
            },
            "maxTimeLimitMs": {
              "type": "number",
              "title": "Maximum Time Limit",
              "description": "This setting is used to limit the maximum amount of time spent on retries. Note: this will be ignored if \"Maximum Retries\" is specified.",
              "default": 600000,
              "maximum": 28800000,
              "exclusiveMaximum": false,
              "minimum": 1,
              "exclusiveMinimum": false,
              "multipleOf": 1
            },
            "errorExclusions": {
              "type": "array",
              "title": "Error Exclusions",
              "description": "Optional regex list that will be matched against failed attempts exception class and message. If any regex matches, do not retry this request. This is needed to prevent the retryer from retrying non-recoverable errors that were not already ignored by the connector implementation.",
              "items": {
                "type": "string",
                "maxLength": 256,
                "minLength": 1
              }
            }
          },
          "interfaces": ["com.lucidworks.fusion.connector.plugin.api.config.RetryConfig$Properties"]
        }
      },
      "interfaces": ["com.lucidworks.connector.plugins.ldapacls.config.LdapAclsConfig$Properties", "com.lucidworks.fusion.connector.plugin.api.config.ConnectorPluginProperties", "com.lucidworks.fusion.connector.plugin.api.config.RetryConfig", "com.lucidworks.fusion.connector.plugin.api.config.security.GraphSecurityConfig"]
    },
    "id": {
      "type": "string",
      "title": "Configuration ID",
      "description": "A unique identifier for this Configuration.",
      "minLength": 1,
      "pattern": "^[a-zA-Z0-9_-]+$"
    },
    "pipelineId": {
      "type": "string",
      "title": "Pipeline ID",
      "description": "Name of the IndexPipeline used for processing output.",
      "minLength": 1,
      "pattern": "^[a-zA-Z0-9_-]+$"
    },
    "parserId": {
      "type": "string",
      "title": "Parser ID",
      "description": "The Parser to use in the associated IndexPipeline.",
      "pattern": "^[a-zA-Z0-9_-]+$"
    },
    "description": {
      "type": "string",
      "title": "Description",
      "description": "Optional description",
      "hints": ["lengthy"],
      "maxLength": 125
    },
    "type": {
      "type": "string",
      "title": "Type",
      "description": "A type ID for this connector.",
      "hints": ["readonly", "hidden"]
    },
    "created": {
      "type": "string",
      "title": "Date Created",
      "description": "The date at which this Configuration was created.",
      "hints": ["readonly", "hidden"]
    },
    "modified": {
      "type": "string",
      "title": "Date Modified",
      "description": "The date at which this Configuration was last modified.",
      "hints": ["readonly", "hidden"]
    },
    "diagnosticLogging": {
      "type": "boolean",
      "title": "Diagnostic Logging",
      "description": "Enable diagnostic logging; disabled by default",
      "default": false
    },
    "collectionId": {
      "type": "string",
      "title": "Collection ID",
      "description": "The associated content Collection.",
      "hints": ["readonly", "hidden"],
      "minLength": 1,
      "pattern": "^[a-zA-Z0-9_-]+$"
    },
    "coreProperties": {
      "type": "object",
      "title": "Core Properties",
      "description": "Common behavior and performance settings.",
      "required": [],
      "properties": {
        "fetchSettings": {
          "type": "object",
          "title": "Fetch Settings",
          "description": "System level settings for controlling fetch behavior and performance.",
          "required": [],
          "properties": {
            "indexingInactivityTimeout": {
              "type": "number",
              "title": "Indexing inactivity timeout(seconds)",
              "description": "The maximum amount of time to wait for indexing results (in seconds). If exceeded, the job will fail with an indexing inactivity timeout.",
              "default": 86400,
              "maximum": 691200,
              "exclusiveMaximum": false,
              "minimum": 60,
              "exclusiveMinimum": false,
              "multipleOf": 1
            },
            "numFetchThreads": {
              "type": "number",
              "title": "Fetch Threads",
              "description": "Maximum number of fetch threads; defaults to 5. This setting controls the number of threads that call the Connectors fetch method. Higher values can, but not always, help with overall fetch performance.",
              "default": 5,
              "maximum": 500,
              "exclusiveMaximum": false,
              "minimum": 1,
              "exclusiveMinimum": false,
              "multipleOf": 1
            },
            "indexingThreads": {
              "type": "number",
              "title": "Index Subscription Threads",
              "description": "Maximum number of indexing threads; defaults to 4. This setting controls the number of threads in the indexing service used for processing content documents emitted by this datasource. Higher values can sometimes help with overall fetch performance.",
              "default": 4,
              "maximum": 10,
              "exclusiveMaximum": false,
              "minimum": 1,
              "exclusiveMinimum": false,
              "multipleOf": 1
            },
            "pluginInstances": {
              "type": "number",
              "title": "Number of plugin instances for distributed fetching",
              "description": "Maximum number of plugin instances for distributed fetching. Only specified number of plugin instances will do fetching. This is useful for distributing load between different instances.",
              "default": 0,
              "maximum": 500,
              "exclusiveMaximum": false,
              "minimum": 0,
              "exclusiveMinimum": false,
              "multipleOf": 1
            },
            "fetchItemQueueSize": {
              "type": "number",
              "title": "Fetch Item Queue Size",
              "description": "Size of the fetch item queue.Larger values result in increased memory usage, but potentially higher performance.Default is 10k.",
              "default": 10000,
              "hints": ["hidden"],
              "maximum": 500000,
              "exclusiveMaximum": false,
              "minimum": 1,
              "exclusiveMinimum": false,
              "multipleOf": 1
            },
            "fetchRequestCheckInterval": {
              "type": "number",
              "title": "Fetch request check interval(ms)",
              "description": "The amount of time to wait before check if a request is done",
              "default": 15000,
              "hints": ["hidden"],
              "maximum": 500000,
              "exclusiveMaximum": false,
              "minimum": 1000,
              "exclusiveMinimum": false,
              "multipleOf": 1
            },
            "fetchResponseScheduledTimeout": {
              "type": "number",
              "title": "Fetch response scheduled timeout(ms)",
              "description": "The maximum amount of time for a response to be scheduled. The task will be canceled if this setting is exceeded.",
              "default": 300000,
              "maximum": 500000,
              "exclusiveMaximum": false,
              "minimum": 1000,
              "exclusiveMinimum": false,
              "multipleOf": 1
            },
            "fetchResponseCompletedTimeout": {
              "type": "number",
              "title": "Fetch response completion timeout(ms)",
              "description": "The maximum amount of time for a response to be completed. If exceeded, the task will be retried if the job is still running",
              "default": 300000,
              "hints": ["hidden"],
              "maximum": 600000,
              "exclusiveMaximum": false,
              "minimum": 1,
              "exclusiveMinimum": false,
              "multipleOf": 1
            },
            "pluginInactivityTimeout": {
              "type": "number",
              "title": "Plugin inactivity timeout(seconds)",
              "description": "The maximum amount of time to wait for plugin activity (in seconds). If exceeded, the job will fail with a plugin inactivity timeout.",
              "default": 600,
              "maximum": 691200,
              "exclusiveMaximum": false,
              "minimum": 60,
              "exclusiveMinimum": false,
              "multipleOf": 1
            },
            "indexMetadata": {
              "type": "boolean",
              "title": "Index metadata",
              "description": "When enabled the metadata of skipped items will be indexed to the content collection.",
              "default": false
            },
            "indexContentFields": {
              "type": "boolean",
              "title": "Index content fields",
              "description": "When enabled, content fields will be indexed to the crawl-db collection.",
              "default": false
            },
            "asyncParsing": {
              "type": "boolean",
              "title": "Async Parsing",
              "description": "When enabled, content will be indexed asynchronously.",
              "default": false
            }
          },
          "interfaces": ["com.lucidworks.fusion.connector.plugin.api.config.CoreConfig$FetchSystemSettings"]
        }
      },
      "interfaces": ["com.lucidworks.fusion.connector.plugin.api.config.CoreConfig"],
      "hints": ["advanced"]
    }
  },
  "category": "LDAP",
  "interfaces": ["com.lucidworks.connector.plugins.ldapacls.config.LdapAclsConfig", "com.lucidworks.fusion.connector.plugin.api.config.ConnectorConfig"]
};

export const SchemaParamFields = ({schema}) => {
  const sanitize = str => {
    if (typeof str !== "string") return str;
    return str.replace(/^"(.*)"$/s, "$1").replace(/\\/g, "").replace(/"/g, "'");
  };
  const formatDescription = str => {
    const s = sanitize(str);
    return (/[.!?]\)*$/).test(s) ? s : `${s}.`;
  };
  const {description, properties = {}, required: requiredProps = []} = schema;
  const visibleProps = useMemo(() => Object.entries(properties).filter(([, prop]) => !prop.hints?.includes("hidden")), [properties]);
  return <div>
      {description && <p>{formatDescription(description)}</p>}

      {visibleProps.map(([name, prop]) => {
    const isRequired = requiredProps.includes(name);
    const hasDefault = prop.default !== undefined;
    const rawDefault = prop.default;
    const isComplexDefault = hasDefault && (typeof rawDefault === "object" || typeof rawDefault === "string" && (rawDefault.length > 20 || rawDefault.includes('"')));
    const fieldProps = {
      key: name,
      body: prop.title || name,
      type: prop.type,
      ...prop.title && ({
        post: [<><span className="text-stone-400 dark:text-stone-500">API property: </span>{name}</>]
      }),
      ...isRequired && ({
        required: true
      }),
      ...!isComplexDefault && hasDefault ? {
        default: sanitize(String(rawDefault))
      } : {}
    };
    const isObject = prop.type === "object" && prop.properties;
    const isArrayOfObjects = prop.type === "array" && prop.items?.type === "object" && prop.items.properties;
    return <ParamField {...fieldProps}>
            {prop.description && <p>{formatDescription(prop.description)}</p>}

            {isComplexDefault && <div className="flex">
                <p>
                  <strong>Default:</strong>
                </p>
                <pre className="!my-0">
                  <code>
                    {JSON.stringify(rawDefault, null, 2)}
                  </code>
                </pre>
              </div>}

            {isArrayOfObjects && <div className="flex">
              <p>
                <strong>Object attributes:</strong>
              </p>
              <pre className="!my-0">
                <code>
                  {'{\n'}
                  {Object.entries(prop.items.properties).map(([iname, iprop]) => <>
                      {`  ${iname}`}
                      {prop.items?.required?.includes(iname) && <span style={{
      color: 'red'
    }}> required</span>}
                      {`: {\n    display name: ${sanitize(iprop.title || '')}\n    type: ${iprop.type}\n  }\n`}
                    </>)}
                  {'}'}
                </code>
              </pre>
              </div>}

            {isObject && <Expandable title="properties">
                <SchemaParamFields schema={{
      properties: prop.properties,
      required: prop.required
    }} />
              </Expandable>}
          </ParamField>;
  })}
    </div>;
};

export const LwTemplate = ({title = "Key questions to get you started", icon = "sparkles", cta = "Powered by Agent Studio", linkHref = "https://lucidworks.com/demo/?utm_source=docs&utm_medium=referral&utm_campaign=docs_cta_ai"}) => {
  const [isLoaded, setIsLoaded] = useState(false);
  useEffect(() => {
    const timer = setTimeout(() => {
      setIsLoaded(true);
    }, 500);
    return () => clearTimeout(timer);
  }, []);
  return <div className="lw-template-container">
      <Card title={title} icon={icon}>
        {isLoaded && <span dangerouslySetInnerHTML={{
    __html: `<lw-template id="a029c1a9-28be-427e-b0e1-5d918920246a"></lw-template
            >`
  }} />}
        <Link href={linkHref} className="agent-studio-link text-left text-gray-600 gap-2 dark:text-gray-400 text-sm font-medium flex flex-row items-center hover:text-primary dark:hover:text-primary-light group-hover:text-primary group-hover:dark:text-primary-light">Powered by Lucidworks Agent Studio</Link>
      </Card>
    </div>;
};

[localhost link]: http://localhost:3000/docs/fusion-connectors/connectors/v1/ad-acl

[mintlify link]: https://doc.lucidworks.com/docs/fusion-connectors/connectors/v1/ad-acl

[old doc.lw link]: https://doc.lucidworks.com/fusion-connectors/45

<Callout icon="plug" color="#A4C6F7" iconType="solid">
  **Compatible with Fusion version:** 4.2.6 through 4.2.6
</Callout>

<Accordion title="Use the Active Directory ACL Collection (V1)">
  The Active Directory Connector for ACLs indexes Access Control List (ACL) information into a configured "sidecar" Solr collection, so that it can be used by other connectors.

  <Note>This article describes how to use an ACL collection generated by the [Active Directory Connector for ACLs](/docs/fusion-connectors/connectors/v1/ad-acl) in *V1 platform version*.</Note>

  During the security trimming stage, the ACL collection is queried using a Solr graph query, which creates a graph of the results using nodes from one document to another.

  To use the ACL collection, provide the inputs described below when configuring the [Active Directory Connector for ACLs](/docs/fusion-connectors/connectors/v1/ad-acl):

  | Input                                                 | Description                                                                                                                                                                                       | Example                                   |
  | ----------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------------- |
  | Start Links                                           | Each LDAP or LDAPS URL that is crawled.                                                                                                                                                           | `ldaps://na.lucidworks.com`               |
  | LDAP User Principal                                   | The user principal account that crawls LDAP.                                                                                                                                                      | `firstname.lastname@na.lucidworks.com`    |
  | LDAP User Password                                    | The password of the user that crawls LDAP.                                                                                                                                                        | `Password123`                             |
  | LDAP Search Base                                      | The base DN that performs the crawl.                                                                                                                                                              | `DC=na,DC=lucidworks,DC=com`              |
  | LDAP User Base (optional)                             | A list of users that are permitted to access a specific LDAP base.                                                                                                                                | `OU=Users,DC=na,DC=lucidworks,DC=com`     |
  | LDAP Group Base (optional)                            | A list of groups that are permitted to access a specific LDAP base.                                                                                                                               | `OU=Groups,DC=na,DC=lucidworks,DC=com`    |
  | LDAP User Filter (optional)                           | A custom attribute filter that finds user records in LDAP.                                                                                                                                        | `(&(objectclass=user)(sAMAccountName=*))` |
  | LDAP Group Filter (optional)                          | A custom attribute filter that finds group records in LDAP.                                                                                                                                       | `(&(objectclass=group))`                  |
  | SOLR ACL Collection Name                              | The name of the ACL collection.                                                                                                                                                                   | `acl`                                     |
  | Index sAMAccountName Users (Active Directory only)    | When active, a document is created in the ACL collection representing a user with an ID of `sAMAccountName`. This allows security trimming on the domain\username version of the username.        | `true`                                    |
  | Index userPrincipalName Users (Active Directory only) | When active, a document is created in the ACL collection representing a user with an ID of `userPrincipalName`. This allows security trimming on the `username@fqdn.com` version of the username. | `false`                                   |
</Accordion>

<LwTemplate />

## Learn more

<Accordion title="Handle a Multi-Domain Active Directory">
  The Active Directory Connector for ACLs indexes Access Control List (ACL) information into a configured "sidecar" Solr collection, so that it can be used by other connectors.

  For applications involving multi-domain Active Directory, you need one LDAP data source per domain. Here is an example of a multi-domain Active Directory:

  | Domain             | Type          |
  | ------------------ | ------------- |
  | lucidworks.com     | parent domain |
  | na.lucidworks.com  | child domain  |
  | can.lucidworks.com | child domain  |
  | sa.lucidworks.com  | child domain  |

  In this example, you must have several data sources:

  ```bash theme={"dark"}
  ldap://na.lucidworks.com
  Base DN: DC=na,DC=lucidworks,DC=com

  ldap://can.lucidworks.com
  Base DN: DC=can,DC=lucidworks,DC=com

  ldap://sa.lucidworks.com
  Base DN: DC=sa,DC=lucidworks,DC=com
  ```

  Please note that querying the Active Directory Global Catalog to have a single LDAP ACL datasource does not work, as the global catalog does not replicate the `memberOf` attribute of `person` objects. Doing so results in users not able to see the expected documents.

  However, you may be able to set up Active Directory to [replicate that attribute](https://learn.microsoft.com/en-us/windows/win32/ad/attributes-included-in-the-global-catalog). This would allow you to use a single global catalog for your entire Active Directory forest, if desired.
</Accordion>

## Configuration

<Tip>
  When entering configuration values in the UI, use *unescaped* characters, such as `\t` for the tab character. When entering configuration values in the API, use *escaped* characters, such as `\\t` for the tab character.
</Tip>

<SchemaParamFields schema={schema} />
