LDAP Configuration
Configure the connection between the Cloud Identity agent
and your on-premises Active Directory or OpenLDAP-based directory.
Login name (DN): Specify the login name (Distinguished Name) of the account the agent uses to bind to your Active Directory or OpenLDAP-based directory. Use a dedicated account with read-only access to the directory rather than an administrative account.
Password: Specify the password associated with the login name (DN).
Protocol: Select the protocol the agent uses to connect to the Active Directory or OpenLDAP-based directory:
- LDAP: Connect using plain LDAP on port 389. The bind credentials and all directory traffic are sent unencrypted, so use this only on a network path that is protected by other means.
- LDAPS (default): Connect using LDAP over SSL (LDAPS) on port 636. This option requires the CA certificate that issued the directory server's certificate to be in the Local Computer certificate store on the agent host or in the Trusted Root CA store for your Active Directory or OpenLDAP-based directory; otherwise the agent cannot validate the server certificate and the connection fails.
- LDAP with STARTTLS: Connect on port 389 and upgrade the session with the LDAPv3 StartTLS extended operation so that Transport Layer Security (TLS) protects the bind and all subsequent traffic. The same CA certificate requirement as for LDAPS applies: the CA certificate must be in the Local Computer certificate store on the agent host or in the Trusted Root CA store for your Active Directory or OpenLDAP-based directory.
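What the LDAPS and STARTTLS options do on the wire, as an added example that is not the Cloud Identity agent's own code: the script hand-encodes the LDAPv3 StartTLS extended request, parses the server's ExtendedResponse, and then performs the TLS handshake with chain and hostname validation against a CA file (standing in for the Local Computer certificate store). The host, port and CA file path are assumed inputs supplied by the caller; the wire-format helpers can be exercised without a directory.

```python
"""Probe a directory server the way the agent's protocol setting implies.

Added example, not the Cloud Identity agent's code: it hand-encodes the
LDAPv3 StartTLS extended request, parses the server's ExtendedResponse,
and then validates the server certificate against a CA file (standing in
for the Local Computer certificate store). host, port and cafile are
assumed inputs supplied by the caller.
"""
import socket
import ssl
from typing import Optional, Tuple

START_TLS_OID = b"1.3.6.1.4.1.1466.20037"      # RFC 4511 StartTLS extended operation


def _ber_len(n: int) -> bytes:
    """BER length octets: short form below 128, long form (0x81/0x82) above."""
    if n < 0x80:
        return bytes([n])
    if n < 0x100:
        return b"\x81" + bytes([n])
    return b"\x82" + n.to_bytes(2, "big")


def _tlv(tag: int, content: bytes) -> bytes:
    return bytes([tag]) + _ber_len(len(content)) + content


def build_starttls_request(message_id: int = 1) -> bytes:
    """LDAPMessage { messageID INTEGER, ExtendedRequest [APPLICATION 23] { requestName [0] OID } }."""
    # INTEGER is two's-complement: add a leading 0x00 when the top bit would otherwise be set.
    mid = message_id.to_bytes((message_id.bit_length() + 8) // 8, "big")
    ext_req = _tlv(0x77, _tlv(0x80, START_TLS_OID))   # 0x77 = [APPLICATION 23], 0x80 = [0] primitive
    return _tlv(0x30, _tlv(0x02, mid) + ext_req)


def _read_tlv(buf: bytes, pos: int) -> Tuple[int, bytes, int]:
    """Decode one TLV at buf[pos]: (tag, content, position after it)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                                  # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length


def parse_extended_response(msg: bytes) -> Tuple[int, str]:
    """Return (resultCode, diagnosticMessage) from an ExtendedResponse [APPLICATION 24]."""
    tag, body, _ = _read_tlv(msg, 0)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage SEQUENCE")
    _, _message_id, pos = _read_tlv(body, 0)
    tag, resp, _ = _read_tlv(body, pos)
    if tag != 0x78:
        raise ValueError(f"expected ExtendedResponse (0x78), got protocolOp 0x{tag:02x}")
    _, code, pos = _read_tlv(resp, 0)                  # ENUMERATED resultCode
    _, _matched_dn, pos = _read_tlv(resp, pos)         # OCTET STRING matchedDN
    _, diag, _ = _read_tlv(resp, pos)                  # OCTET STRING diagnosticMessage
    return int.from_bytes(code, "big"), diag.decode("utf-8", "replace")


def probe_directory(host: str, protocol: str, port: Optional[int] = None,
                    cafile: Optional[str] = None, timeout: float = 30.0) -> dict:
    """Connect as the agent would for protocol ("LDAPS" or "LDAP with STARTTLS")
    and return details of the validated server certificate.

    cafile is the issuing CA in PEM form; None falls back to the system trust
    store. timeout mirrors the agent's connection timeout (default 30 s).
    """
    if protocol not in ("LDAPS", "LDAP with STARTTLS"):
        raise ValueError("plain LDAP has no certificate to check; use LDAPS or LDAP with STARTTLS")
    port = port or (636 if protocol == "LDAPS" else 389)
    ctx = ssl.create_default_context(cafile=cafile)    # CERT_REQUIRED and hostname matching on
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    sock = socket.create_connection((host, port), timeout=timeout)
    try:
        if protocol == "LDAP with STARTTLS":
            sock.sendall(build_starttls_request(1))
            # The ExtendedResponse is a few dozen bytes; one recv suffices in practice.
            code, diag = parse_extended_response(sock.recv(4096))
            if code != 0:
                raise RuntimeError(f"server refused StartTLS: resultCode={code} {diag!r}")
        with ctx.wrap_socket(sock, server_hostname=host) as tls:   # raises on chain/name failure
            cert = tls.getpeercert()
            return {
                "protocol": protocol, "port": port, "tls_version": tls.version(),
                "subject": dict(rdn[0] for rdn in cert["subject"]),
                "dns_names": [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"],
            }
    except Exception:
        sock.close()
        raise
```

Calling `probe_directory("dc1.corp.example.com", "LDAP with STARTTLS", cafile="corp-ca.pem")` (hypothetical host and file) reproduces the sequence the agent follows for that protocol: a cleartext connection on 389, the StartTLS request, then a handshake that fails with `ssl.SSLCertVerificationError` if the issuing CA is not trusted or the certificate does not match the name you connect to. A non-zero resultCode before the handshake means the server does not offer StartTLS on that port; check the returned `dns_names` against the Network Address you plan to enter for the server.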
Connection timeout: Specify the time limit (in seconds) that the agent waits when connecting to the Active Directory or OpenLDAP-based directory (default is 30, range is 1-60 seconds). If the connection times out, the agent attempts to connect to the next domain controller in the sequence for that domain.
Search timeout: Specify the time limit (in seconds) after which the agent stops searching the directory (default is 15, range is 1-120 seconds).
Servers: Add a server and provide the following details:
- Name (optional): The name of your Active Directory or OpenLDAP-based directory.
- Domain: The fully qualified domain name of your Active Directory or OpenLDAP-based directory.
- Network Address: IP address or fully qualified domain name (FQDN) of your Active Directory or OpenLDAP-based directory. With LDAPS or LDAP with STARTTLS, the server certificate must be valid for the name or address you enter here, or certificate validation fails.
- Port (optional): Your Active Directory or OpenLDAP-based directory port number (default for LDAP and LDAP with STARTTLS is 389 and default for LDAPS is 636). Do not configure the agent to use the Global Catalog port (3268 for LDAP or 3269 for LDAPS).
- Base DN (required for OpenLDAP): Enter the base distinguished name (DN) for your directory. OpenLDAP requires the Base DN; without it, directory searches cannot complete successfully. Enter the Base DN in domainComponent format (for example, DC=example,DC=com).
- Type: Select your directory type. OpenLDAP configures the agent to use an OpenLDAP-based directory server; Active Directory configures the agent to use an Active Directory directory server.
The changes are not confirmed until you click Commit. You can optionally Test Connectivity to Directory to confirm the connection to your directory. To edit a directory server configuration, select the server’s check box and click Edit. To delete a directory server configuration, select the server’s check box and click Delete.
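A pre-commit lint of a server entry against the constraints described on this page (protocol and port defaults, the Global Catalog ports, the Base DN rule for OpenLDAP, the timeout ranges), as an added example. The `ServerEntry` data shape and the check logic are assumptions for this example, not the agent's configuration format or Palo Alto Networks code, and the sample servers are constructed.

```python
"""Lint a directory server entry against the constraints on this page.

Added example: ServerEntry is an assumed data shape for this check, not the
Cloud Identity agent's configuration format, and the sample servers at the
bottom are constructed.
"""
import ipaddress
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

DEFAULT_PORT = {"LDAP": 389, "LDAP with STARTTLS": 389, "LDAPS": 636}
GLOBAL_CATALOG_PORTS = {3268: "LDAP", 3269: "LDAPS"}    # the page says never to use these
DC_ONLY_DN = re.compile(r"^DC=[^,=]+(?:,DC=[^,=]+)*$", re.IGNORECASE)
FQDN = re.compile(r"^(?=.{1,253}$)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$", re.IGNORECASE)


@dataclass
class ServerEntry:
    domain: str                          # FQDN of the directory
    network_address: str                 # IP or FQDN the agent connects to
    directory_type: str                  # "Active Directory" or "OpenLDAP"
    protocol: str = "LDAPS"              # "LDAP", "LDAPS" or "LDAP with STARTTLS"
    port: Optional[int] = None           # None -> protocol default
    base_dn: str = ""
    connection_timeout: int = 30         # seconds, 1-60
    search_timeout: int = 15             # seconds, 1-120


def _is_ip(value: str) -> bool:
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False


def effective_port(e: ServerEntry) -> int:
    return e.port if e.port is not None else DEFAULT_PORT[e.protocol]


def ldap_uri(e: ServerEntry) -> str:
    """The URI the entry resolves to; STARTTLS starts as ldap:// and upgrades in-band."""
    scheme = "ldaps" if e.protocol == "LDAPS" else "ldap"
    return f"{scheme}://{e.network_address}:{effective_port(e)}"


def check_server_entry(e: ServerEntry) -> Tuple[List[str], List[str]]:
    """Return (errors, warnings): errors break the entry, warnings are hygiene."""
    errors: List[str] = []
    warnings: List[str] = []

    if e.directory_type not in ("Active Directory", "OpenLDAP"):
        errors.append(f"unknown directory type {e.directory_type!r}")
    if e.protocol not in DEFAULT_PORT:
        errors.append(f"unknown protocol {e.protocol!r}")
        return errors, warnings           # port checks need a known protocol

    port = effective_port(e)
    if port in GLOBAL_CATALOG_PORTS:
        errors.append(f"port {port} is the Global Catalog {GLOBAL_CATALOG_PORTS[port]} port; "
                      f"use {DEFAULT_PORT[e.protocol]} for {e.protocol}")
    elif port != DEFAULT_PORT[e.protocol]:
        warnings.append(f"non-default port {port} for {e.protocol}")

    if not FQDN.match(e.domain):
        errors.append(f"domain {e.domain!r} is not a fully qualified domain name")
    if not (_is_ip(e.network_address) or FQDN.match(e.network_address)):
        errors.append(f"network address {e.network_address!r} is neither an IP address nor an FQDN")

    dn = e.base_dn.replace(" ", "")       # "DC=example, DC=com" is fine; compare without spaces
    if e.directory_type == "OpenLDAP" and not dn:
        errors.append("Base DN is required for OpenLDAP; searches cannot complete without it")
    if dn and not DC_ONLY_DN.match(dn):
        errors.append(f"Base DN {e.base_dn!r} must use domainComponent format, e.g. DC=example,DC=com")

    if not 1 <= e.connection_timeout <= 60:
        errors.append(f"connection timeout {e.connection_timeout}s outside 1-60")
    if not 1 <= e.search_timeout <= 120:
        errors.append(f"search timeout {e.search_timeout}s outside 1-120")

    if e.protocol == "LDAP":
        warnings.append("plain LDAP sends the bind password and directory data unencrypted; prefer LDAPS or STARTTLS")
    elif _is_ip(e.network_address):
        warnings.append("TLS to an IP address: the server certificate must list that IP in its subjectAltName "
                        "or name validation fails")
    return errors, warnings


if __name__ == "__main__":
    # Constructed sample entries, not real servers.
    samples = [
        ServerEntry("corp.example.com", "dc1.corp.example.com", "Active Directory"),
        ServerEntry("corp.example.com", "dc1.corp.example.com", "Active Directory", port=3269),
        ServerEntry("example.org", "ldap.example.org", "OpenLDAP", protocol="LDAP",
                    base_dn="ou=people,dc=example,dc=org"),
    ]
    for entry in samples:
        errs, warns = check_server_entry(entry)
        print(ldap_uri(entry), "OK" if not errs else "INVALID", errs, warns)
```

Running the module prints one line per sample: the first entry passes, the second is rejected for using the Global Catalog LDAPS port, and the third is rejected because its Base DN is not in domainComponent format and is additionally flagged for sending the bind password over plain LDAP. Run the check over every server before you click Commit, then use Test Connectivity to Directory for the live check.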