Configure LDAP settings for user-group definition, administrator privileges, or end-user quarantine authentication. You can enable up to two LDAP servers for each IMSA device.
To configure LDAP settings:
1. Next to LDAP server type, choose the type of LDAP server on your network:
   - Microsoft Active Directory
   - Domino
   - Sun iPlanet Directory
2. Next to Enable LDAP1, select the check box.
3. Next to LDAP server, type the server name or IP address.
4. Next to Listening port number, type the port number on which the LDAP server listens for access requests.
5. Configure the settings under LDAP2 if necessary.
6. Under LDAP cache expiration for policy servers and EUQ servers, type the Time to Live in minutes.
   Time To Live—Duration that determines how long IMSA retains LDAP query results in the cache. A longer duration speeds up LDAP queries during policy execution, but the policy server responds more slowly to changes on the LDAP server. A shorter duration means that IMSA must perform LDAP queries more often, which lowers performance.
7. Under LDAP admin, type the administrator account and the corresponding password.
8. Type the base distinguished name.
9. Select an authentication method:
   - Simple
   - Advanced—Uses Kerberos authentication for Active Directory. Configure the following:
     - Kerberos authentication default realm
     - Default domain
     - KDC and admin server
     - KDC port number
10. Click Next >.
| LDAP Server | LDAP Admin Account (examples) | Base Distinguished Name (examples) | Authentication Method |
|---|---|---|---|
| Active Directory | Without Kerberos: user1@domain.com (UPN) or domain\user1; With Kerberos: user1@domain.com | dc=domain, dc=com | Simple; Advanced (with Kerberos) |
| Domino | user1/domain | Not applicable | Simple |
| Sun iPlanet Directory | uid=user1, ou=people, dc=domain, dc=com | dc=domain, dc=com | Simple |
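As an added example that is not IMSA's own code, the following Python checks an LDAP admin account string against the account formats in the table above and derives the base DN the table pairs with it; the regular expressions and the `check_admin_account` helper are assumptions based on the table's examples, not product behaviour.

```python
import re

# Account-format patterns (assumptions drawn from the table's examples).
UPN_RE = re.compile(r"^(?P<user>[^@\\/\s]+)@(?P<domain>[A-Za-z0-9.-]+\.[A-Za-z]{2,})$")
DOWNLEVEL_RE = re.compile(r"^(?P<domain>[A-Za-z0-9-]+)\\(?P<user>[^@\\/\s]+)$")
DOMINO_RE = re.compile(r"^(?P<user>[^@\\/\s]+)/(?P<domain>[A-Za-z0-9.-]+)$")
RDN_RE = re.compile(r"^\s*([A-Za-z]+)=([^,]+?)\s*$")


def base_dn_from_domain(domain: str) -> str:
    """'domain.com' -> 'dc=domain, dc=com' (the spelling used in the table)."""
    return ", ".join(f"dc={label}" for label in domain.lower().split("."))


def base_dn_from_dn(dn: str):
    """Keep only the dc= components of a DN; None if any RDN is malformed."""
    parts = []
    for rdn in dn.split(","):
        m = RDN_RE.match(rdn)
        if not m:
            return None
        if m.group(1).lower() == "dc":
            parts.append(f"dc={m.group(2).lower()}")
    return ", ".join(parts) if parts else None


def check_admin_account(server_type: str, account: str, kerberos: bool = False):
    """Return (ok, note, base_dn_hint) for one LDAP admin account string."""
    if server_type == "Active Directory":
        m = UPN_RE.match(account)
        if m:
            return True, "UPN", base_dn_from_domain(m.group("domain"))
        if DOWNLEVEL_RE.match(account):
            if kerberos:  # the table lists only the UPN form for Kerberos
                return False, "Advanced (Kerberos) needs user@domain", None
            # NetBIOS domain name: the DNS base DN cannot be derived from it.
            return True, "domain\\user", None
        return False, "expected user@domain or domain\\user", None
    if server_type == "Domino":
        if DOMINO_RE.match(account):
            return True, "user/domain", None  # table: base DN not applicable
        return False, "expected user/domain", None
    if server_type == "Sun iPlanet Directory":
        hint = base_dn_from_dn(account)
        if hint and account.lower().startswith("uid="):
            return True, "full DN", hint
        return False, "expected a DN such as uid=..., dc=..., dc=...", None
    return False, f"unknown server type {server_type!r}", None
```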