Add or edit the properties of Lightweight Directory Access Protocol (LDAP) groups that are used with directory services. Domain controllers can be selected either through DNS lookup or manually.
Prerequisites
If RSA SecurID authentication is required for LDAP users, ensure that the LDAP groups are integrated with the RSA server.
Steps
1. Click Application Settings > Users > Directory Services, and then click Add.
2. In the Connect to Directory Service dialog box, select LDAP as the Type of Directory.
3. In the Directory Name box, enter a name for the LDAP directory.
4. Select the Domain Controller Lookup method:
   - DNS: In the Method box, enter the domain name to query DNS for the domain controller.
   - Manual: In the Method box, enter the FQDN or the IP address of the domain controller. For multiple servers, enter a comma-separated list of at most three servers.
5. Enter the LDAP Bind Distinguished Name (DN) and password.
   NOTE: Anonymous bind is not supported for AD LDS.
6. In the Advanced Options section:
   a. By default, the Server Port field is populated with the LDAP port number 636. To change it, enter a different port number.
      NOTE: Only LDAPS ports are supported.
   b. Enter the group base DN to search for, matching the LDAP configuration on the server.
   c. In the Attribute of User Login field, enter the user attribute that is already configured in the LDAP system. This value should be unique within the selected Base DN; otherwise, provide a Search Filter to ensure that it is unique.
      NOTE: The user attribute must be configured in the LDAP system that is queried before it is integrated in Directory Services. Enter cn or sAMAccountName as the user attribute for an AD LDS configuration, and UID for an LDAP configuration. If more than one user DN is found for the combination of attribute and search filter, the login operation fails.
   d. In the Attribute of Group Membership box, enter the attribute that stores the group and member information in the directory.
   e. Enter the Network Timeout and Search Timeout durations in seconds. The maximum supported timeout duration is 300 s.
      NOTE: To avoid timeouts when using Manual lookup with multiple domain controllers, ensure that the cumulative Search Timeout value does not exceed the Network Timeout value. For example, with a list of three domain controllers and a Network Timeout of 300 s, the Search Timeout must not exceed 100 s.
   f. To upload an SSL certificate, select Certificate Validation and click Select a file. The certificate must be a root CA certificate encoded in Base64 format.
   The Test connection button is enabled.
7. Click Test connection, and then enter the bind user credentials of the domain to be connected to.
   NOTE: While testing the connection, ensure that the Test username is the value of the Attribute of User Login entered previously.
8. Click Test connection. A message in the Directory Service Information dialog box indicates a successful connection.
9. Click OK.
10. Click Finish.
Results
A job is created and run to add the requested directory in the Directory Services list.
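As an added example (not code from the original page or from the product it describes), the following Python check encodes the rules from the steps above: the three-server limit for Manual lookup, the permitted login attributes per directory type, the 300 s timeout ceiling and the cumulative-timeout rule, and the user lookup in which the Attribute of User Login is combined with the Search Filter and the login fails unless exactly one DN matches. The configuration values and directory contents are constructed, and the `search` callable stands in for the actual LDAP query, which is assumed.

```python
# Added example: consistency checks for the LDAP directory-service settings described above.
from dataclasses import dataclass

MAX_TIMEOUT_S = 300      # maximum supported Network Timeout / Search Timeout
MAX_MANUAL_SERVERS = 3   # Manual lookup accepts at most three domain controllers
ALLOWED_LOGIN_ATTRS = {"AD LDS": {"cn", "sAMAccountName"}, "LDAP": {"UID"}}

@dataclass
class LdapDirectoryConfig:
    directory_kind: str          # "AD LDS" or "LDAP"
    lookup: str                  # "DNS" or "Manual"
    method: str                  # domain name, or comma-separated FQDN/IP list
    user_login_attribute: str    # e.g. sAMAccountName (AD LDS) or UID (LDAP)
    search_filter: str = ""      # optional filter that makes the login attribute unique
    network_timeout_s: int = 300
    search_timeout_s: int = 100

def domain_controllers(cfg):
    """Servers that will be queried: the DNS domain, or the manual list."""
    return [s.strip() for s in cfg.method.split(",") if s.strip()]

def validate(cfg):
    """Return the rule violations; an empty list means the settings are consistent."""
    problems = []
    dcs = domain_controllers(cfg)
    if cfg.lookup == "Manual" and len(dcs) > MAX_MANUAL_SERVERS:
        problems.append(f"Manual lookup allows at most {MAX_MANUAL_SERVERS} servers, got {len(dcs)}")
    if cfg.user_login_attribute not in ALLOWED_LOGIN_ATTRS[cfg.directory_kind]:
        problems.append(f"login attribute {cfg.user_login_attribute!r} is not valid for {cfg.directory_kind}")
    for label, value in (("Network", cfg.network_timeout_s), ("Search", cfg.search_timeout_s)):
        if not 0 < value <= MAX_TIMEOUT_S:
            problems.append(f"{label} Timeout must be 1..{MAX_TIMEOUT_S} s, got {value}")
    # Cumulative search time across all manual domain controllers must fit in the network timeout.
    if cfg.lookup == "Manual" and cfg.search_timeout_s * len(dcs) > cfg.network_timeout_s:
        problems.append(f"{len(dcs)} x Search Timeout {cfg.search_timeout_s} s exceeds Network Timeout {cfg.network_timeout_s} s")
    return problems

def escape_filter_value(value):
    """RFC 4515 escaping so a typed username cannot change the meaning of the filter."""
    return value.replace("\\", r"\5c").replace("*", r"\2a").replace("(", r"\28").replace(")", r"\29").replace("\0", r"\00")

def login_filter(cfg, username):
    """Combine the Attribute of User Login with the optional Search Filter."""
    attr_clause = f"({cfg.user_login_attribute}={escape_filter_value(username)})"
    return f"(&{attr_clause}{cfg.search_filter})" if cfg.search_filter else attr_clause

def resolve_user_dn(cfg, username, search):
    """search(filter) returns matching DNs; the login fails (None) unless exactly one DN is found."""
    dns = search(login_filter(cfg, username))
    return dns[0] if len(dns) == 1 else None
```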
Editing LDAP groups to be used with Directory Services
1. In the DIRECTORY NAME column, select the directory. The Directory Service properties are displayed in the right pane.
2. Click Edit.
3. In the Connect to Directory Service dialog box, edit the data, and click Finish. The data is updated and saved.