LDAP - BlueCat Integrity - 9.4.0

Address Manager Administration Guide

Locale: English
Product name: BlueCat Integrity
Version: 9.4.0

For Lightweight Directory Access Protocol (LDAP) authenticators, set the following values in the Additional Properties section:

LDAP Schema: The type of LDAP schema: Active Directory, OpenLDAP, or Other LDAP. Selecting an option here changes the default settings in the User Prefix, Email Prefix, MemberOf Prefix, Group Object Class, and LDAP Referral fields.

Enable SSL: Select to enable Secure Sockets Layer (SSL) communication between Address Manager and the LDAP server. If you select this option, you must import a certificate from the LDAP server into Address Manager as described in Enabling SSL on LDAP.

Port Number: The TCP port number used for communication between Address Manager and the default LDAP server.

Search Base: The Search Base Distinguished Name is the location from which the search for users on the LDAP server begins. For example:
  • cn=users,dc=example,dc=com represents the users container at example.com.
  • ou=sales,dc=example,dc=com represents the sales organizational unit at example.com.

User Object Class: This field is mandatory and editable. The user object class locates an LDAP user. The default value depends on the type of server selected in the LDAP Schema field:
  • Active Directory sets the User Object Class as person
  • OpenLDAP sets the User Object Class as person
  • Other LDAP sets the User Object Class as person

User Prefix: The user attribute for user accounts in the LDAP tree. A default value appears here depending on the type of server selected in the LDAP Schema field:
  • Active Directory sets the User Prefix as sAMAccountName
  • OpenLDAP sets the User Prefix as uid
  • Other LDAP sets the User Prefix as cn

You can also replace the default with a custom value if your LDAP configuration uses a value other than one of the defaults listed above.

If your LDAP structure uses multiple user prefixes (for example, both cn and sAMAccountName), you need to create one LDAP authenticator for cn and a second LDAP authenticator for sAMAccountName.

Email Prefix: This field is optional. Specify the attribute to be used for the email prefix. A default value appears here depending on the type of server selected in the LDAP Schema field:
  • Active Directory sets the Email Prefix as userPrincipalName
  • OpenLDAP sets the Email Prefix as mail
  • Other LDAP sets the Email Prefix as mail

MemberOf Prefix: This field is optional. The attribute used to store user-group membership information. A default value appears here depending on the type of server selected in the LDAP Schema field:
  • Active Directory sets the MemberOf Prefix as memberOf
  • OpenLDAP sets the MemberOf Prefix as memberuid
  • Other LDAP sets the MemberOf Prefix as memberOf

Group Object Class: This field is optional. The object class that indicates a DN is a group. A default value appears here depending on the type of server selected in the LDAP Schema field:
  • Active Directory sets the Group Object Class as group
  • OpenLDAP sets the Group Object Class as posixGroup
  • Other LDAP sets the Group Object Class as groupOfUniqueNames

LDAP Referral: This field is optional. This environment property tells the service providers how to handle referrals to external resources.

Aliases Dereferencing Mode: This field is optional. This environment property indicates whether alias entries are dereferenced. If enabled, when you look up an alias entry, the alias is dereferenced and the object returned is the object the alias points to. You can configure one of the following settings:
  • Always: always dereference aliases. This is the default value.
  • Never: never dereference aliases.
  • Finding: only dereference aliases during name resolution.
  • Searching: only dereference aliases after name resolution.

Administrator Login: The distinguished name or relative distinguished name of a user with rights to search the LDAP directory. This field and the Administrator Password field are required only when anonymous operations (logins) aren't allowed.

Append to search base: Select this option to append the Search Base field to the Administrator Login field to form the distinguished name. For example, search base DC=delta,DC=bcn with administrator login CN=Administrator,CN=Users creates CN=Administrator,CN=Users,DC=delta,DC=bcn.

Administrator Password: The password for the user specified in the Administrator Login field.

Note: Customers using LDAP authentication who are experiencing LDAP login issues have the option to configure the Global Catalogue port to improve login performance. For details, refer to Configuring Global Catalogue for Active Directory Authentication.
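As an added example (not BlueCat's code; how Address Manager itself builds its bind DN and queries is not shown in this guide), the following Python shows what the fields above contribute to an LDAP lookup: the Administrator Login bind DN with and without Append to search base, the per-schema User Prefix and User Object Class defaults, one authenticator per prefix for a mixed cn/sAMAccountName tree, and a user search filter with RFC 4515 escaping so that a submitted login name cannot alter the filter's structure. The class and function names are assumptions, as are the sample DNs other than the DC=delta,DC=bcn example from the table.

```python
from dataclasses import dataclass
from typing import List, Optional

# Per-schema defaults as listed in the field descriptions above.
SCHEMA_DEFAULTS = {
    "Active Directory": {"user_prefix": "sAMAccountName", "user_object_class": "person",
                         "memberof_prefix": "memberOf", "group_object_class": "group"},
    "OpenLDAP": {"user_prefix": "uid", "user_object_class": "person",
                 "memberof_prefix": "memberuid", "group_object_class": "posixGroup"},
    "Other LDAP": {"user_prefix": "cn", "user_object_class": "person",
                   "memberof_prefix": "memberOf", "group_object_class": "groupOfUniqueNames"},
}

# RFC 4515 escaping for values placed inside a search filter: every metacharacter
# is replaced by its hex escape in a single pass, so backslashes are not double-escaped.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value: str) -> str:
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


@dataclass
class LdapAuthenticator:  # hypothetical model of one Address Manager LDAP authenticator
    schema: str
    search_base: str
    admin_login: str
    append_to_search_base: bool = False
    user_prefix: Optional[str] = None  # a custom value overrides the schema default

    def admin_bind_dn(self) -> str:
        """DN bound with Administrator Login; Append to search base joins the two fields."""
        if self.append_to_search_base:
            return f"{self.admin_login},{self.search_base}"
        return self.admin_login

    def user_search_filter(self, username: str) -> str:
        """Filter selecting one user below Search Base by User Object Class and User Prefix."""
        defaults = SCHEMA_DEFAULTS[self.schema]
        prefix = self.user_prefix or defaults["user_prefix"]
        return f"(&(objectClass={defaults['user_object_class']})({prefix}={escape_filter_value(username)}))"


def authenticators_for_prefixes(schema: str, search_base: str, admin_login: str,
                                prefixes: List[str]) -> List[LdapAuthenticator]:
    """One authenticator per user prefix, as the guide requires for trees using several."""
    return [LdapAuthenticator(schema, search_base, admin_login, True, p) for p in prefixes]


if __name__ == "__main__":
    ad = LdapAuthenticator("Active Directory", "DC=delta,DC=bcn", "CN=Administrator,CN=Users", True)
    print(ad.admin_bind_dn(), ad.user_search_filter("j.doe"))  # constructed sample user
```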