Procedure

  1. Click Next.
    The LDAP Settings screen appears.
  2. Specify a meaningful description for the LDAP server.
  3. Complete the following to enable LDAP settings:
    1. For LDAP server type, select one of the following:
      • Domino
      • Microsoft Active Directory
      • Microsoft AD Global Catalog
      • OpenLDAP
      • Sun iPlanet Directory
    2. To enable one or both LDAP servers, select the check boxes next to Enable LDAP 1 or Enable LDAP 2.
    3. Specify the names of the LDAP servers and the port numbers they listen on.
    4. Under LDAP Cache Expiration for Policy Services and EUQ services, type the time to live, in minutes, in the Time To Live in minutes field.
    5. Under LDAP Admin, type the administrator account, its corresponding password, and the base distinguished name. See the following table for a guide on what to specify for the LDAP admin settings.

      LDAP admin settings

      | LDAP Server | LDAP Admin Account (examples) | Base Distinguished Name (examples) | Authentication Method |
      |---|---|---|---|
      | Active Directory | Without Kerberos: user1@domain.com (UPN) or domain\user1; With Kerberos: user1@domain.com | dc=domain, dc=com | Simple; Advanced (with Kerberos) |
      | Active Directory Global Catalog | Without Kerberos: user1@domain.com (UPN) or domain\user1; With Kerberos: user1@domain.com | dc=domain, dc=com; dc=domain1,dc=com (if multiple unique domains exist) | Simple; Advanced (with Kerberos) |
      | Lotus Domino | cn=manager, dc=test1, dc=com | dc=test1, dc=com | Simple |
      | Lotus Domino | user1/domain | Not applicable | Simple |
      | Sun iPlanet Directory | uid=user1, ou=people, dc=domain, dc=com | dc=domain, dc=com | Simple |
      | OpenLDAP | cn=manager, dc=test1, dc=com | dc=test1, dc=com | Simple |
    6. For Authentication method, click Simple or Advanced authentication. For Active Directory advanced authentication, configure the Kerberos authentication default realm, Default domain, KDC and admin server, and KDC port number.
      Note
      Specify LDAP settings only if you will use LDAP for user-group definition, administrator privileges, or web quarantine authentication.
    7. Select the Enable encrypted communication between IMSVA and LDAP check box and click Browse to upload a CA certificate file.
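
The following pre-check is an added example, not part of the product or its documentation: it classifies a planned LDAP admin account string and tests it against the forms the LDAP admin settings table lists for each server type and authentication method. The function names, the form labels, and the `encrypted` flag (standing for the check box in step 7) are assumptions made for illustration; the last check reflects that an LDAP simple bind sends the password unprotected unless the connection is encrypted.

```python
import re

# Constructed pre-check; the allowed forms mirror the "LDAP admin settings" table.
NAME = r"[^@\\/=,\s]+"
UPN = re.compile(rf"^{NAME}@{NAME}\.{NAME}$")      # user1@domain.com
DOWNLEVEL = re.compile(rf"^{NAME}\\{NAME}$")       # domain\user1
DOMINO = re.compile(rf"^{NAME}/{NAME}$")           # user1/domain
RDN = re.compile(r"^\s*[A-Za-z][A-Za-z0-9-]*\s*=\s*[^=,]+$")

AD = {"Simple": {"upn", "downlevel"}, "Advanced": {"upn"}}
ALLOWED = {
    "Microsoft Active Directory": AD,
    "Microsoft AD Global Catalog": AD,
    "Domino": {"Simple": {"dn", "domino"}},
    "OpenLDAP": {"Simple": {"dn"}},
    "Sun iPlanet Directory": {"Simple": {"dn"}},
}

def is_dn(value):
    # Simplification: escaped commas inside attribute values are not handled.
    return bool(value.strip()) and all(RDN.match(p) for p in value.split(","))

def account_form(account):
    if is_dn(account):
        return "dn"
    for label, pattern in (("upn", UPN), ("downlevel", DOWNLEVEL), ("domino", DOMINO)):
        if pattern.match(account):
            return label
    return "unknown"

def check(server_type, method, account, base_dn, encrypted):
    """Return a list of findings; an empty list means the values fit the table."""
    methods = ALLOWED.get(server_type)
    if methods is None:
        return [f"unknown LDAP server type: {server_type}"]
    findings = []
    form = account_form(account)
    if method not in methods:
        findings.append(f"{method} authentication is not listed for {server_type}")
    elif form not in methods[method]:
        findings.append(f"account form '{form}' does not fit {server_type} with {method}")
    # The table marks the base DN "Not applicable" for the user1/domain form.
    if form != "domino" and not is_dn(base_dn):
        findings.append("base DN is not a valid distinguished name")
    if method == "Simple" and not encrypted:
        findings.append("simple bind without encrypted communication exposes the admin password")
    return findings
```
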