Use this page to configure connections to an LDAP server.
You must click does not save your settings.
to save these settings. The button verifies the connection, butRed asterisks mark required fields.
|
Active Directory. This is not configurable; Windows Active Directory is the only LDAP directory type that is currently supported. |
|
The domain name for this LDAP server. |
|
LDAP Server address. This can be a specific server name (myserver.mydomain.com), an IP address (10.10.123.123), or the domain address (mydomain.com). |
|
Port used by the LDAP server. 3268 is the default, and is standard for Active Directory global catalog for non-secure connections (LDAP). 3269 is the default for secure Active Directory global catalog for secure connections (LDAPS). Use of the default global catalog ports is recommended for better performance. For connections without using global catalog, 389 is standard for non-secure connections and 636 is standard for secure connections. |
|
Clicking LDAP Server Advanced Domain Settings. expands the display to show the following options. Use these settings to customize how Reflection Gateway manages user authentication to this LDAP server. For additional information, seeapply to password authentication only; X.509 certificate authentication always requires user mapping that specifies both a domain and username.
If you have multiple LDAP servers configured, you can use this option to map the value in to these servers. This can improve performance, because Reflection Gateway authenticates first against the servers you specify here.
When set to Yes, any domain name the user enters at login is removed before Reflection Gateway authenticates the user to this LDAP server. For example, if a user enters acme\joe, the domain name acme is removed. If no is specified, only the user ID joe is sent to the server for authentication.
Specifies a default domain name to include when Reflection Gateway authenticates users to this LDAP server. For example, if you specify domain1 and a user logs in as user_name, the user is authenticated as domain1\user_name. This can be used in combination with to replace any domain name that the user includes with the value you specify here. |
|
Name of a user who has read access to this LDAP directory. NOTE:You must include the user's domain. For example: mydomain\user user@mydomain user@mydomain.com |
|
The LDAP user's password |
|
The base DN under which users are located. For example: OU=Users,DC=mydomain,DC=com |
|
(Optional) Limits the list of users added to Gateway Administrator to those included in the specified filter. If no filter is specified, all users in the specified Base DN are added. Use standard LDAP filter syntax. This example retrieves users in the group myGroup: (|(&(objectCategory=user)(memberOf=CN=myGroup,OU=Users,DC=mydomain,DC=com))(&(objectCategory=group)(CN=myGroup))) |
|
Select this option to connect to the server using LDAP over SSL (LDAPS). To make a successful secure connection, you must enable , provide the correct for LDAPS connections to this server (the port changes to 3269 by default), and use to browse to the certificate for this server. After you retrieve a certificate, information about that certificate will be displayed on the page. |