Configuring LDAP Settings

Procedure

  1. Go to Administration > IMSVA Configuration > Connections > LDAP tab.
  2. Click a server name from the LDAP server table.
  3. Specify a meaningful description for the LDAP server.
  4. Next to LDAP server type, select the type of LDAP servers on your network:
    • Domino
    • Microsoft Active Directory
    • Microsoft AD Global Catalog
    • OpenLDAP
    • Sun iPlanet Directory
  5. Next to Enable LDAP 1, select the check box.
  6. Next to LDAP server, specify the server name or IP address.
  7. Next to Listening port number, specify the port number on which the LDAP server listens for access requests.
  8. Configure the settings under LDAP 2 if necessary.
  9. Under LDAP cache expiration for policy services and EUQ services, specify the Time to live in minutes.
    Time To Live: Determines how long IMSVA retains LDAP query results in the cache. A longer duration speeds up LDAP lookups during policy execution, but the policy server is slower to pick up changes made on the LDAP server. A shorter duration means that IMSVA has to perform LDAP queries more often, which reduces performance.
  10. Under LDAP admin, specify the administrator account, the corresponding password and the base distinguished name. Refer to the table below for what to specify in this section for each LDAP server type:

    LDAP Server Types

    Active Directory
      • LDAP admin account (examples): without Kerberos, user1@domain.com (UPN) or domain\user1; with Kerberos, user1@domain.com
      • Base distinguished name (example): dc=domain, dc=com
      • Authentication method: Simple, or Advanced (with Kerberos)

    Active Directory Global Catalog
      • LDAP admin account (examples): without Kerberos, user1@domain.com (UPN) or domain\user1; with Kerberos, user1@domain.com
      • Base distinguished name (examples): dc=domain, dc=com; dc=domain1,dc=com (if multiple unique domains exist)
      • Authentication method: Simple, or Advanced (with Kerberos)

    OpenLDAP
      • LDAP admin account (example): cn=manager, dc=test1, dc=com
      • Base distinguished name (example): dc=test1, dc=com
      • Authentication method: Simple

    Lotus Domino
      • LDAP admin account (example): user1/domain
      • Base distinguished name: not applicable
      • Authentication method: Simple

    Sun iPlanet Directory
      • LDAP admin account (example): uid=user1, ou=people, dc=domain, dc=com
      • Base distinguished name (example): dc=domain, dc=com
      • Authentication method: Simple
  11. Select an authentication method:
    • Simple
    • Advanced: Uses Kerberos authentication for Active Directory. Configure the following:
      • Kerberos authentication default realm: Default Kerberos realm for the client. For Active Directory, enter the Windows domain name in upper case (Kerberos is case-sensitive).
      • Default domain: The Internet domain name equivalent to the realm.
      • KDC and admin server: Hostname or IP address of the Key Distribution Center for this realm. For Active Directory, it is usually the domain controller.
      • KDC port number: The associated port number.
  12. Click Add.
    Note
    Only Active Directory and Active Directory Global Catalog support Kerberos Authentication.
  13. Click Save & Synchronize.
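As an added example (not part of the IMSVA documentation or product), the check below applies the rules from the table and the Kerberos note above to a proposed set of LDAP settings before they are entered in the console, so a typo such as a lower-case realm or a Kerberos selection on OpenLDAP is caught first. The settings dictionary keys, the regular expressions and the realm-to-domain comparison are my own assumptions.

```python
import re

# Assumed representation of the form fields; key names are constructed for this example.
KERBEROS_CAPABLE = {"Microsoft Active Directory", "Microsoft AD Global Catalog"}
DN_RE = re.compile(r"^(?:[a-zA-Z]+=[^,]+)(?:\s*,\s*[a-zA-Z]+=[^,]+)*$")   # dc=domain, dc=com
UPN_RE = re.compile(r"^[^@\\\s]+@[^@\\\s]+\.[^@\\\s]+$")                  # user1@domain.com
DOWNLEVEL_RE = re.compile(r"^[^@\\\s]+\\[^@\\\s]+$")                      # domain\user1

def validate_ldap_settings(s):
    """Return a list of problems found in the proposed settings (empty list means OK)."""
    problems = []
    stype = s.get("server_type")
    port = s.get("port")
    if not isinstance(port, int) or not 1 <= port <= 65535:
        problems.append("listening port must be an integer between 1 and 65535")
    if not isinstance(s.get("ttl_minutes"), int) or s["ttl_minutes"] <= 0:
        problems.append("cache time to live must be a positive number of minutes")
    account = s.get("admin_account", "")
    base_dn = s.get("base_dn", "")
    if stype in KERBEROS_CAPABLE:
        if not (UPN_RE.match(account) or DOWNLEVEL_RE.match(account)):
            problems.append("AD admin account must be user@domain (UPN) or domain\\user")
        if not DN_RE.match(base_dn):
            problems.append("AD base DN must look like dc=domain,dc=com")
    elif stype == "Domino":
        if "/" not in account:
            problems.append("Domino admin account must be user/domain")
    elif stype in ("OpenLDAP", "Sun iPlanet Directory"):
        if not DN_RE.match(account) or not DN_RE.match(base_dn):
            problems.append("admin account and base DN must be distinguished names")
    else:
        problems.append("unknown LDAP server type")
    if s.get("auth_method") == "Advanced":
        if stype not in KERBEROS_CAPABLE:
            problems.append("Advanced (Kerberos) is only supported for Active Directory and AD Global Catalog")
        realm = s.get("kerberos_realm", "")
        if not realm or realm != realm.upper():
            problems.append("Kerberos realm must be upper case")
        # Assumption: the default domain is the DNS spelling of the realm, so compare case-insensitively.
        if s.get("default_domain", "").lower() != realm.lower():
            problems.append("default domain should be the Internet domain name equivalent to the realm")
        if not UPN_RE.match(account):
            problems.append("with Kerberos the admin account must be the UPN form user@domain")
        kdc_port = s.get("kdc_port")
        if not isinstance(kdc_port, int) or not 1 <= kdc_port <= 65535:
            problems.append("KDC port number must be between 1 and 65535")
    return problems
```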