Configuring an LDAP Server

Procedure

1. Obtain the information required to configure LDAP integration from the server administrator.
2. Go to Administration → Integrated Products/Services → LDAP.
3. Do one of the following:
   • Click Add to add a new entry.
   • Click a name to change the server settings.
4. Select a server type.
5. Select to enable one or both primary and secondary servers.
6. Configure the server settings (server address, access protocol, and port number).

   Note Trend Micro recommends using the following default ports: For Microsoft Active Directory, Domino, or OpenLDAP: SSL: 636 STARTTLS: 389 For Microsoft AD Global Catalog: SSL: 3269 STARTTLS: 3268

7. Configure administrative settings for the LDAP server.
   The following table provides the configuration recommendations for each supported LDAP server type.

   LDAP Server Type	User Account (example)	Base Distinguished Name (example)	Authentication Method
   Active Directory	user1@domain.com (UPN)	dc=domain, dc=com	Simple Advanced (with Kerberos)
   Active Directory Global Catalog	user1@domain.com (UPN)	dc=domain, dc=com dc=domain1,dc=com (if multiple unique domains exist)	Simple Advanced (with Kerberos)
   OpenLDAP	cn=manager, dc=test1, dc=com	dc=test1, dc=com	Simple
   IBM Domino	user1/domain	Not applicable	Simple

   1. Type the base distinguished name.
   2. Select an email address attribute option to apply policy settings based on the address information.
   3. Type the user name.
   4. Type the password.
   5. (Optional) If your organization uses a CA certificate, select Use CA certificate and click Select to locate the CA certificate file.
   6. In the Authentication Method section, select Simple or Advanced.
      For Active Directory, select Advanced and configure the required settings.
8. (Optional) Click Test Connection to verify that a connection to the LDAP server can be established using the specified information.
9. Click Save.