Use the LDAP Settings screen to integrate
DLP user-group definitions with Microsoft Active Directory.
Navigate to Administration → LDAP.
The LDAP Settings screen appears.
Select Enable Primary LDAP Server and
type server details:
Server name accepts the IP address or DNS name of the Active
Directory (AD) server.
Base DN is the Distinguished Name (DN) at which the AD search
begins.
Port - 389 is the default. 3628 is used for the Global
Catalog. Port numbers greater than 65535 or smaller than 1 are not
valid.
Login Domain name and Password are the credentials DLP uses to log in to
Active Directory.
Enable SSL transports AD data over Secure Sockets Layer (SSL).
* When Enable SSL is selected, you must use port 3269
or 636.
* When Enable SSL is not selected, you cannot use
port 3269 or 636.
Select Enable Backup LDAP Server and
configure its settings, if applicable.
Type the LDAP Cache Expiration. This is how long DLP caches
LDAP information queried from Active Directory.
For the most current information, do not set the cache value for
longer than one day. Conversely, do not set the cache value too
short: without the cache, every search query has to make a round trip
to Active Directory.
Click Save.
A confirmation screen appears asking if you want
to restart the DLP server so that changes can take effect.
Click OK so that DLP can implement
the new changes.
Note
Check the Base DN and Server Name. When using
a hostname/DNS name, make sure that it resolves correctly on your DNS
server.
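As an added preflight check (not part of the original documentation or of the DLP product), the following Python function applies the port range, Enable SSL/port pairing, Base DN and cache expiration rules described above to a proposed server configuration, and can optionally run the DNS resolution check from the note. The server names and DNs used in the demo are constructed examples.

```python
import re
import socket

# Ports the settings tie to Enable SSL: LDAPS (636) and Global Catalog over SSL (3269).
SSL_PORTS = {636, 3269}
MAX_CACHE_HOURS = 24  # "do not set the cache value for longer than one day"

# Simplified RDN check (attr=value); does not handle escaped commas in values.
DN_COMPONENT = re.compile(r"^[A-Za-z][A-Za-z0-9-]*=.+$")


def validate_ldap_settings(server, base_dn, port, enable_ssl, cache_hours, resolve=False):
    """Return a list of problems with a Primary/Backup LDAP Server configuration.

    An empty list means the settings satisfy the rules on the LDAP Settings screen.
    resolve=True additionally checks that a DNS name resolves (needs network access).
    """
    problems = []
    if not server.strip():
        problems.append("Server name is empty")
    if not (1 <= port <= 65535):
        problems.append(f"port {port} is outside 1-65535")
    if enable_ssl and port not in SSL_PORTS:
        problems.append(f"Enable SSL is selected but port {port} is not 636 or 3269")
    if not enable_ssl and port in SSL_PORTS:
        problems.append(f"port {port} requires Enable SSL")
    if not base_dn.strip():
        problems.append("Base DN is empty")
    else:
        bad = [c for c in base_dn.split(",") if not DN_COMPONENT.match(c.strip())]
        if bad:
            problems.append(f"Base DN component(s) not in attr=value form: {bad}")
    if cache_hours <= 0:
        problems.append("LDAP Cache Expiration must be positive")
    elif cache_hours > MAX_CACHE_HOURS:
        problems.append(f"LDAP Cache Expiration {cache_hours}h exceeds one day")
    if resolve:  # the note's check: a hostname/DNS name must resolve
        try:
            socket.getaddrinfo(server, port)
        except socket.gaierror as exc:
            problems.append(f"server name {server!r} does not resolve: {exc}")
    return problems


if __name__ == "__main__":
    # Constructed example: Global Catalog over SSL on the wrong checkbox state.
    for p in validate_ldap_settings("dc01.corp.example", "DC=corp,DC=example", 3269, False, 12):
        print("problem:", p)
```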