
LDAP Configuration


Use this page to configure the connection between the Cloud Identity agent and your on-premises Active Directory or OpenLDAP-based directory.
LDAP Configuration
Bind DN
Specify the login name (Distinguished Name) for your Active Directory or OpenLDAP-based directory. Use a dedicated, least-privilege service account for this purpose rather than an administrative account; the agent only needs to read the directory.
Bind Password
Specify the password associated with the login name (DN).
Protocol
Select the protocol the agent uses to connect to the Active Directory or OpenLDAP-based directory:
  • LDAP
    — Connect using unencrypted LDAP on port 389. With this option the bind credentials (Bind DN and Bind Password) and all directory data returned to the agent cross the network in cleartext, so use it only for testing or where the path to the directory is protected by other means.
  • LDAPS
    — (Default) Connect using LDAP over SSL/TLS (LDAPS) on port 636. This option requires the CA certificate that issued the directory server's certificate to be in the Local Computer certificate store on the agent host or in the Trusted Root CA store for your Active Directory or OpenLDAP-based directory.
  • LDAP with STARTTLS
    — Connect on port 389 and upgrade the session to TLS using the LDAPv3 StartTLS extended operation. This option has the same certificate requirement as LDAPS: the CA certificate must be in the Local Computer certificate store on the agent host or in the Trusted Root CA store for your Active Directory or OpenLDAP-based directory.
Bind Timeout
Specify the time limit (in seconds) that the agent waits when connecting to the Active Directory or OpenLDAP-based directory (default is 30, range is 1-60 seconds). If the timeout occurs, the agent attempts to connect to the next domain controller in the sequence for that domain.
Search Timeout
Specify the time limit (in seconds) after which the agent stops searching the directory (default is 15, range is 1-120 seconds).
Servers
Add a server and provide the following details:
  • Name (optional)
    — The name of your Active Directory or OpenLDAP-based directory.
  • Domain
    — The fully qualified domain name of your Active Directory or OpenLDAP-based directory.
  • Network Address
    — IP address or fully qualified domain name (FQDN) of your Active Directory or OpenLDAP-based directory.
  • Port (optional)
    — Your Active Directory or OpenLDAP-based directory port number (default for LDAP and LDAP with STARTTLS is 389, default for LDAPS is 636).
    Do not configure the agent to use the Global Catalog port (3268 for LDAP or 3269 for LDAPS).
  • Base DN
    — (Required for OpenLDAP) Enter the base distinguished name (DN) for your directory.
    OpenLDAP requires the Base DN; without it, directory searches cannot complete successfully.
    Enter the Base DN in domainComponent format (for example, DC=example,DC=com).
  • Type
    — Select your directory type:
    • OpenLDAP
      — Configure the agent to use an OpenLDAP-based directory server.
    • Active Directory
      — Configure the agent to use an Active Directory directory server.
The changes are not confirmed until you click Commit.
If your network uses a proxy server, configure the proxy server in the Cloud Identity Configuration.
  • You can optionally Test Connectivity to Directory to confirm the connection to your directory.
  • To edit a directory server configuration, select the server’s check box and click Edit.
  • To delete a directory server configuration, select the server’s check box and click Delete.
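Before you click Commit or Test Connectivity, it helps to run the constraints listed on this page against the settings you intend to enter: protocol choice, port, the Global Catalog ports, the timeout ranges, and the Base DN rules for OpenLDAP. The script below is an added example written for this page; it is not part of the Cloud Identity agent or its documentation, and the agent exposes no such API. The dictionary layout, the key names and the function names are assumptions of this example, and the two server entries are constructed sample data, not a real deployment. It flags a weak draft (plain LDAP, a Global Catalog port, a missing Base DN) and shows the same draft corrected.

```python
import re

# Added example; the Cloud Identity agent exposes no such API. Key names below mirror the
# field labels on this page, but the dict layout and function names are this example's own.
PROTOCOLS = {"LDAP": 389, "LDAPS": 636, "LDAP with STARTTLS": 389}  # default port per protocol
GLOBAL_CATALOG_PORTS = {3268, 3269}          # the page says never to use these
DC_COMPONENT = re.compile(r"^DC=[A-Za-z0-9-]+$", re.IGNORECASE)


def base_dn_from_domain(domain):
    """Turn an FQDN into a domainComponent Base DN: corp.example.com -> DC=corp,DC=example,DC=com."""
    labels = [label for label in domain.strip().strip(".").split(".") if label]
    return ",".join(f"DC={label}" for label in labels)


def normalize_base_dn(base_dn):
    """Strip whitespace around the components so 'DC=example, DC=com' becomes 'DC=example,DC=com'."""
    return ",".join(part.strip() for part in base_dn.split(","))


def validate_config(cfg):
    """Apply the page's constraints and return a list of (severity, message); [] means it passes."""
    findings = []
    proto = cfg.get("protocol", "LDAPS")
    if proto not in PROTOCOLS:
        findings.append(("error", f"unknown protocol {proto!r}"))
    elif proto == "LDAP":
        findings.append(("warning", "plain LDAP on 389 sends the Bind Password and all directory data "
                                    "in cleartext; use LDAPS or LDAP with STARTTLS"))
    if not cfg.get("bind_dn") or not cfg.get("bind_password"):
        findings.append(("error", "Bind DN and Bind Password are required"))
    bind_timeout = cfg.get("bind_timeout", 30)
    if not 1 <= bind_timeout <= 60:
        findings.append(("error", f"Bind Timeout {bind_timeout}s is outside 1-60"))
    search_timeout = cfg.get("search_timeout", 15)
    if not 1 <= search_timeout <= 120:
        findings.append(("error", f"Search Timeout {search_timeout}s is outside 1-120"))
    if not cfg.get("servers"):
        findings.append(("error", "at least one server is required"))
    for srv in cfg.get("servers", []):
        label = srv.get("name") or srv.get("network_address") or "<unnamed>"
        for key in ("domain", "network_address", "type"):
            if not srv.get(key):
                findings.append(("error", f"{label}: {key} is required"))
        if srv.get("type") not in ("Active Directory", "OpenLDAP"):
            findings.append(("error", f"{label}: type must be Active Directory or OpenLDAP"))
        port = srv.get("port") or PROTOCOLS.get(proto)  # empty port means the protocol default
        if port in GLOBAL_CATALOG_PORTS:
            findings.append(("error", f"{label}: port {port} is the Global Catalog port; use 389 or 636"))
        elif proto in PROTOCOLS and port != PROTOCOLS[proto]:
            findings.append(("warning", f"{label}: port {port} is not the {proto} default {PROTOCOLS[proto]}"))
        base_dn = srv.get("base_dn")
        if base_dn:
            parts = normalize_base_dn(base_dn).split(",")
            if not all(DC_COMPONENT.match(p) for p in parts):
                findings.append(("error", f"{label}: Base DN {base_dn!r} is not in domainComponent format"))
        elif srv.get("type") == "OpenLDAP":
            hint = base_dn_from_domain(srv.get("domain", ""))
            findings.append(("error", f"{label}: Base DN is required for OpenLDAP (for example {hint})"))
    return findings


# Constructed sample input, not a real deployment: a weak draft with the mistakes this page warns about.
WEAK_CONFIG = {
    "bind_dn": "CN=svc-cloudid,OU=Service Accounts,DC=example,DC=com",
    "bind_password": "<redacted>",
    "protocol": "LDAP",
    "bind_timeout": 30,
    "search_timeout": 15,
    "servers": [
        {"name": "dc1", "domain": "example.com", "network_address": "dc1.example.com",
         "port": 3268, "type": "Active Directory"},
        {"name": "ldap1", "domain": "example.org", "network_address": "10.0.0.5",
         "type": "OpenLDAP"},
    ],
}

# The same draft with the findings fixed: LDAPS everywhere and a Base DN for the OpenLDAP server.
HARDENED_CONFIG = dict(
    WEAK_CONFIG,
    protocol="LDAPS",
    servers=[
        dict(WEAK_CONFIG["servers"][0], port=636),
        dict(WEAK_CONFIG["servers"][1], port=636, base_dn="DC=example, DC=org"),
    ],
)

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(f"{name}:")
        for severity, message in validate_config(cfg) or [("ok", "passes all checks")]:
            print(f"  [{severity}] {message}")
```

Run it as a script to see the three findings for the weak draft and a clean pass for the hardened one. The checks are deliberately limited to what this page states; they do not replace Test Connectivity to Directory, which is the only way to confirm that the CA certificate on the agent host actually validates the directory server's certificate.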
