Configuring LDAP Settings

Configure LDAP settings for user-group definition, administrator privileges, or end-user quarantine authentication.

Configure multiple and mixed type LDAP servers from the Administration > IMSVA Configuration > Connections | LDAP screen. You cannot configure more than one LDAP server from the Configuration Wizard.

If more than one LDAP server is used, IMSVA synchronizes the account information from the LDAP servers to the IMSVA local cache. The time required for synchronization between the servers depends on the number of accounts on your LDAP servers. When synchronization completes, the time and date appear in the Last Synchronized column. IMSVA automatically synchronizes the accounts daily. You can manually trigger synchronization by clicking Save & Synchronize.

If the LDAP settings on the Administration > Connections > LDAP screen are not configured, the following LDAP related features will not work:

  1. Navigate to the LDAP tab.

  2. Click Add. The LDAP Settings screen appears.

  3. Type a meaningful description for the LDAP server.

  4. Next to LDAP server type, choose the type of LDAP servers on your network:

  5. Next to Enable LDAP 1, select the check box.

  6. Next to LDAP server, type the server name or IP address.

  7. Next to Listening port number, type the port number that the LDAP server uses to listen to access requests.

  8. Configure the settings under LDAP 2 if necessary.

  9. Under LDAP cache expiration for policy services and EUQ services, type the Time to live in minutes.

  10. Time To Live: Determines how long IMSVA retains LDAP query results in the cache. A longer duration speeds up LDAP queries during policy execution, but the policy server becomes slower to reflect changes made on the LDAP server. A shorter duration means IMSVA must query the LDAP server more often, which reduces performance.

  11. Under LDAP admin, type the administrator account, the corresponding password and the base distinguished name. Refer to the table below for assistance on what to specify under this section according to the LDAP server type:

  12. LDAP Server Types

    Active Directory
      LDAP admin account (examples): Without Kerberos: user1@domain.com (UPN) or domain\user1; With Kerberos: user1@domain.com
      Base distinguished name (example): dc=domain, dc=com
      Authentication method: Simple; Advanced (with Kerberos)

    Active Directory Global Catalog
      LDAP admin account (examples): Without Kerberos: user1@domain.com (UPN) or domain\user1; With Kerberos: user1@domain.com
      Base distinguished name (examples): dc=domain, dc=com; dc=domain1,dc=com (if multiple unique domains exist)
      Authentication method: Simple; Advanced (with Kerberos)

    OpenLDAP
      LDAP admin account (example): cn=manager, dc=test1, dc=com
      Base distinguished name (example): dc=test1, dc=com
      Authentication method: Simple

    Lotus Domino
      LDAP admin account (example): user1/domain
      Base distinguished name: Not applicable
      Authentication method: Simple

    Sun iPlanet Directory
      LDAP admin account (example): uid=user1, ou=people, dc=domain, dc=com
      Base distinguished name (example): dc=domain, dc=com
      Authentication method: Simple

  13. Select an authentication method:

  14. Click Add.

  15. If you are using the Configuration Wizard, click Next.

  16. Click Save & Synchronize.
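The account and base DN combinations from the LDAP Server Types table can be sanity-checked before they are typed into the LDAP Settings screen. This is an added example, not Trend Micro's code: the check function, its field names and the warning that a simple bind on port 389 without StartTLS sends the password in cleartext are assumptions made here.

```python
"""Pre-flight checks for IMSVA LDAP settings (added example, not Trend Micro code)."""
import re

# Admin account formats the LDAP Server Types table lists for each server type.
# The regexes are constructed for this example.
ACCOUNT_FORMS = {
    "Active Directory": [r"^[^@\\/]+@[\w.-]+$", r"^[\w.-]+\\[^@\\/]+$"],
    "Active Directory Global Catalog": [r"^[^@\\/]+@[\w.-]+$", r"^[\w.-]+\\[^@\\/]+$"],
    "OpenLDAP": [r"^(\w+=[^,]+)(\s*,\s*\w+=[^,]+)*$"],
    "Lotus Domino": [r"^[^/]+/[^/]+$"],
    "Sun iPlanet Directory": [r"^(\w+=[^,]+)(\s*,\s*\w+=[^,]+)*$"],
}


def base_dn_for_domain(domain):
    """Turn 'domain.com' into 'dc=domain,dc=com', the form the table shows."""
    return ",".join("dc=" + label for label in domain.lower().split("."))


def check_ldap_settings(server_type, account, base_dn, port, auth_method):
    """Return a list of problems; an empty list means the settings are consistent."""
    problems = []
    forms = ACCOUNT_FORMS.get(server_type)
    if forms is None:
        return ["unknown LDAP server type: %s" % server_type]
    if not any(re.match(f, account) for f in forms):
        problems.append("admin account %r does not match the expected format for %s" % (account, server_type))
    if server_type == "Lotus Domino":
        if base_dn:
            problems.append("base DN is not applicable to Lotus Domino")
    else:
        normalized = base_dn.replace(", ", ",")  # the table writes 'dc=domain, dc=com'
        if not re.match(r"^dc=[\w-]+(,dc=[\w-]+)+$", normalized):
            problems.append("base DN %r is not a dc= style distinguished name" % base_dn)
        elif "@" in account and normalized != base_dn_for_domain(account.split("@", 1)[1]):
            problems.append("base DN %r does not match the UPN domain in %r" % (base_dn, account))
    if auth_method == "Advanced (with Kerberos)":
        if not server_type.startswith("Active Directory"):
            problems.append("Kerberos authentication is only listed for Active Directory types")
        elif "@" not in account:
            problems.append("Kerberos bind requires the UPN form user@domain, not domain\\user")
    # Assumption: a simple bind on 389 without StartTLS exposes the admin password on the wire.
    if auth_method == "Simple" and port == 389:
        problems.append("simple bind on port 389 sends the admin password in cleartext; prefer LDAPS (636)")
    return problems


if __name__ == "__main__":
    print(check_ldap_settings("OpenLDAP", "cn=manager, dc=test1, dc=com", "dc=test1, dc=com", 389, "Simple"))
```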

  1. Navigate to the LDAP tab.

  2. Click a server name from the LDAP server table.

  3. Type a meaningful description for the LDAP server.

  4. Next to LDAP server type, choose the type of LDAP servers on your network:

  5. Next to Enable LDAP 1, select the check box.

  6. Next to LDAP server, type the server name or IP address.

  7. Next to Listening port number, type the port number that the LDAP server uses to listen to access requests.

  8. Configure the settings under LDAP 2 if necessary.

  9. Under LDAP cache expiration for policy services and EUQ services, type the Time to live in minutes.

  10. Time To Live: Determines how long IMSVA retains LDAP query results in the cache. A longer duration speeds up LDAP queries during policy execution, but the policy server becomes slower to reflect changes made on the LDAP server. A shorter duration means IMSVA must query the LDAP server more often, which reduces performance.

  11. Under LDAP admin, type the administrator account, the corresponding password and the base distinguished name. Refer to the LDAP Server Types table in the procedure above for what to specify under this section according to the LDAP server type.

  12. LDAP Server Types: see the table of the same name in the procedure above.

  13. Select an authentication method:

  14. Click Add.

  15. Click Save & Synchronize.