Orchestrator
2023.4
False
- 入门指南
- 最佳实践
- 租户
- 资源目录服务
- 文件夹上下文
- 自动化
- 流程
- 作业
- 触发器
- 日志
- 监控
- 队列
- 资产
- 存储桶
- Test Suite - Orchestrator
- 主机管理
- 身份服务器
- 身份验证
- 在 Active Directory 适配器之间切换
- 配置 SSO:Google
- 配置 SSO:Azure Active Directory
- 智能卡身份验证
- 组织管理
- 其他配置
- 集成
- 传统机器人
- 故障排除
Orchestrator 用户指南
Last updated 2024年6月6日
在 Active Directory 适配器之间切换
UiPath™ Identity Server 为两个 Active Directory 适配器提供支持:
ad 和 ldapad。
-
ad适配器:仅在独立部署中工作的旧版适配器。ad适配器仅在 Windows 上运行,并且支持外部信任域和 NTLM,为未加入域的客户端进行身份验证提供支持。 -
ldapad适配器:2021 年 10 月推出的适配器。ldapad适配器适用于独立部署和 Automation Suite 部署,并且不支持外部信任域和 NTLM 对未加入域的客户端进行身份验证。
|
部署 |
ad 适配器
|
ldapad 适配器
|
|---|---|---|
|
单机版 |
支持 备注:
支持外部信任域和 NTLM - 支持未加入域的客户端进行身份验证。 |
支持 |
|
Automation Suite |
不支持 |
支持 |
备注:
版本 2021.10 之前的所有启用了 Active Directory 集成的部署在升级后都会保留
ad 适配器。启用 Active Directory 集成后,所有其他部署都会默认获取 ldapad 适配器。
要确定适配器类型,可以执行 SQL 查询,以检查 如果是
[identity].[DirectoryConnections] 表中的适配器类型。SELECT dc.* from [identity].[DirectoryConnections] dc
JOIN [identity].[Partitions] p ON p.[Id]=dc.[PartitionId]
WHERE p.[GlobalId]='FEB0DD79-85B6-483B-B297-0E49A1AA5B7D' AND dc.[IsDeleted]=0SELECT dc.* from [identity].[DirectoryConnections] dc
JOIN [identity].[Partitions] p ON p.[Id]=dc.[PartitionId]
WHERE p.[GlobalId]='FEB0DD79-85B6-483B-B297-0E49A1AA5B7D' AND dc.[IsDeleted]=0
[Type]=ad,则表示正在使用 ad 适配器。如果是 [Type]='ldapad',则表示正在使用 ldapad 适配器。
备注:
仅在独立部署中支持此操作。
要将
ldapad 切换到 ad,请执行以下操作:
-
确保以下查询返回一行,以检查
ldapad适配器是否已启用。SELECT dc.* from [identity].[DirectoryConnections] dc JOIN [identity].[Partitions] p ON p.[Id]=dc.[PartitionId] WHERE p.[GlobalId]='FEB0DD79-85B6-483B-B297-0E49A1AA5B7D' AND dc.[Type]='ldapad' AND dc.[IsDeleted]=0SELECT dc.* from [identity].[DirectoryConnections] dc JOIN [identity].[Partitions] p ON p.[Id]=dc.[PartitionId] WHERE p.[GlobalId]='FEB0DD79-85B6-483B-B297-0E49A1AA5B7D' AND dc.[Type]='ldapad' AND dc.[IsDeleted]=0 -
连接到 Orchestrator/Identity 数据库并运行下面的脚本,确保将
FQDN-OF-DOMAIN替换为默认域/主域的完全限定名称。在 UiPath 主机门户中启用 Active Directory 集成后,以下 SQL 脚本会更新 Active Directory 用户和组的DirectoryId、软删除ldapad目录连接,并创建ad目录连接。-- convert users IF OBJECT_ID('tempdb..#tmp_ldap_users') IS NOT NULL DROP TABLE #tmp_ldap_users SELECT [Id], [MasterPartitionId], CONCAT('ad', SUBSTRING([DirectoryId], 7, 256)) AS [DirectoryId] INTO #tmp_ldap_users FROM [identity].[AspNetUsers] WHERE [DirectoryId] LIKE 'ldapad|%' AND [IsDeleted]=0 --SELECT * FROM #tmp_ldap_users DELETE tmp FROM #tmp_ldap_users tmp JOIN [identity].[AspNetUsers] u ON u.[MasterPartitionId]=tmp.[MasterPartitionId] AND u.[DirectoryId]=tmp.[DirectoryId] --SELECT * FROM #tmp_ldap_users UPDATE u SET u.[DirectoryId]=tmp.[DirectoryId] FROM [identity].[AspNetUsers] u JOIN #tmp_ldap_users tmp on tmp.[Id]=u.[Id] -- create 'ad' directory connection DECLARE @HostPartitionId int -- host partition id SELECT @HostPartitionId = [Id] FROM [identity].[Partitions] WHERE [GlobalId]='FEB0DD79-85B6-483B-B297-0E49A1AA5B7D' UPDATE [identity].[DirectoryConnections] SET [IsDeleted]=1, [DeletionTime]=GETUTCDATE() WHERE [PartitionId]=@HostPartitionId AND [Type]='ldapad' and [IsDeleted]=0 SELECT * FROM [identity].[DirectoryConnections] WHERE [PartitionId]=@HostPartitionId AND [Type]='ad' and [IsDeleted]=0 IF @@ROWCOUNT=0 INSERT INTO [identity].[DirectoryConnections] ([PartitionId], [Type], [CreationTime], [Configuration], [IsDeleted]) VALUES (@HostPartitionId, 'ad', GETUTCDATE(), '{ "Domain": "<FQDN-OF-DOMAIN>" }', 0) SELECT * FROM [identity].[DirectoryConnections] WHERE [PartitionId]=@HostPartitionId AND [IsDeleted]=0-- convert users IF OBJECT_ID('tempdb..#tmp_ldap_users') IS NOT NULL DROP TABLE #tmp_ldap_users SELECT [Id], [MasterPartitionId], CONCAT('ad', SUBSTRING([DirectoryId], 7, 256)) AS [DirectoryId] INTO #tmp_ldap_users FROM [identity].[AspNetUsers] WHERE [DirectoryId] LIKE 'ldapad|%' AND [IsDeleted]=0 --SELECT * FROM #tmp_ldap_users DELETE tmp FROM #tmp_ldap_users tmp JOIN [identity].[AspNetUsers] u ON u.[MasterPartitionId]=tmp.[MasterPartitionId] AND u.[DirectoryId]=tmp.[DirectoryId] --SELECT * FROM #tmp_ldap_users UPDATE u SET u.[DirectoryId]=tmp.[DirectoryId] FROM [identity].[AspNetUsers] u JOIN #tmp_ldap_users tmp on tmp.[Id]=u.[Id] -- create 'ad' directory connection DECLARE @HostPartitionId int -- host partition id SELECT @HostPartitionId = [Id] FROM [identity].[Partitions] WHERE [GlobalId]='FEB0DD79-85B6-483B-B297-0E49A1AA5B7D' UPDATE [identity].[DirectoryConnections] SET [IsDeleted]=1, [DeletionTime]=GETUTCDATE() WHERE [PartitionId]=@HostPartitionId AND [Type]='ldapad' and [IsDeleted]=0 SELECT * FROM [identity].[DirectoryConnections] WHERE [PartitionId]=@HostPartitionId AND [Type]='ad' and [IsDeleted]=0 IF @@ROWCOUNT=0 INSERT INTO [identity].[DirectoryConnections] ([PartitionId], [Type], [CreationTime], [Configuration], [IsDeleted]) VALUES (@HostPartitionId, 'ad', GETUTCDATE(), '{ "Domain": "<FQDN-OF-DOMAIN>" }', 0) SELECT * FROM [identity].[DirectoryConnections] WHERE [PartitionId]=@HostPartitionId AND [IsDeleted]=0 -
通过在提升的提示符下运行
iisreset来重新启动身份应用程序池。
-
确保以下查询返回一行,以检查
ad适配器是否已启用。SELECT dc.* from [identity].[DirectoryConnections] dc JOIN [identity].[Partitions] p ON p.[Id]=dc.[PartitionId] WHERE p.[GlobalId]='FEB0DD79-85B6-483B-B297-0E49A1AA5B7D' AND dc.[Type]='ad' AND dc.[IsDeleted]=0SELECT dc.* from [identity].[DirectoryConnections] dc JOIN [identity].[Partitions] p ON p.[Id]=dc.[PartitionId] WHERE p.[GlobalId]='FEB0DD79-85B6-483B-B297-0E49A1AA5B7D' AND dc.[Type]='ad' AND dc.[IsDeleted]=0 -
在主机门户中禁用 Active Directory 集成。
-
在主机门户中重新激活 Active Directory 集成。
