Configure LDAP settings for user-group definitions, administrator privileges, and End-User Quarantine (EUQ) authentication. You can enable up to two LDAP servers for each InterScan™ Messaging Security Appliance (IMSA) group.
Configure both LDAP servers if you want a backup: IMSA falls back to LDAP 2 when LDAP 1 cannot be reached.
To configure LDAP settings:
Choose Administration > IMSA Configuration > Connections. The Components tab displays by default.
Click the LDAP tab.
Next to LDAP server type, choose the type of LDAP servers on your network:
Microsoft Active Directory
Domino
Sun iPlanet Directory
Next to Enable LDAP 1, select the check box.
Next to LDAP server, type the server name or IP address.
Next to Listening port number, type the port on which the LDAP server listens for requests.
Configure the settings under LDAP 2 if necessary.
Under LDAP cache expiration for policy services and EUQ services, type the Time to live in minutes.
Time To Live—How long IMSA keeps LDAP query results in its cache. A longer TTL makes policy execution faster because fewer queries go to the directory, but the policy server is slower to pick up changes (such as group membership or disabled accounts) made on the LDAP server. A shorter TTL forces IMSA to query the LDAP server more often, which lowers performance but reflects directory changes sooner.
Under LDAP admin, type the administrator account, its password and the base distinguished name. The table below shows what to enter for each LDAP server type:
LDAP Server | LDAP Admin Account (examples) | Base Distinguished Name (examples) | Authentication Method
Active Directory | Without Kerberos: user1@domain.com (UPN) or domain\user1; with Kerberos: user1@domain.com | dc=domain, dc=com | Simple; Advanced (with Kerberos)
Domino [1] | user1/domain | Not applicable | Simple
Sun iPlanet Directory | uid=user1, ou=people, dc=domain, dc=com | dc=domain, dc=com | Simple
Select an authentication method:
Simple: IMSA binds to the directory with the LDAP admin account name and password entered above. An LDAP simple bind sends that password to the server in cleartext, so use a dedicated account with read-only directory rights rather than a domain administrator.
Advanced—Uses Kerberos authentication for Active Directory. Configure the following:
Kerberos authentication default realm—Default Kerberos realm for the client. For Active Directory it must be the Windows domain name in upper case (Kerberos is case-sensitive).
Default domain—The Internet domain name equivalent to the realm.
KDC and admin server—Hostname or IP address of the Key Distribution Center for this realm. For Active Directory, it is usually the domain controller.
KDC port number—The port on which the KDC listens (Kerberos uses port 88 by default).
Click Save.
If you are using the Configuration Wizard, click Next.
[1] IBM Domino supports only the Simple authentication method.
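Before you click Save it is worth confirming that the server, port and LDAP admin account you entered actually accept a simple bind. The script below is an added example and not part of the IMSA product: it implements the LDAP v3 simple BindRequest/BindResponse exchange from RFC 4511 with only the Python standard library, so it can be pointed at any of the three server types using the account format from the table (UPN or domain\user1 for Active Directory, user1/domain for Domino, a full DN for Sun iPlanet). The host, port and account name are whatever you typed on the LDAP tab; the script name and the encode_bind_response helper are assumptions of this example, the latter existing only so the decoder can be exercised without a server. Because the request carries the password as a plain OCTET STRING, the same code also shows why the account should be a read-only one.

```python
"""Simple-bind pre-flight check for the LDAP admin settings (added example, not IMSA code)."""
import getpass
import socket
import sys

LDAP_V3 = 3
RESULT_SUCCESS = 0              # LDAPResult resultCode values (RFC 4511)
RESULT_INVALID_CREDENTIALS = 49


def ber(tag: int, content: bytes) -> bytes:
    """One BER TLV with a definite length (short form below 128 bytes, long form above)."""
    n = len(content)
    if n < 0x80:
        length = bytes([n])
    else:
        nbytes = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(nbytes)]) + nbytes
    return bytes([tag]) + length + content


def ber_int(value: int) -> bytes:
    """Shortest two's-complement INTEGER content for a non-negative value."""
    return value.to_bytes(value.bit_length() // 8 + 1, "big", signed=True)


def read_tlv(buf: bytes, off: int = 0):
    """Return (tag, content, offset_after) for the TLV that starts at buf[off]."""
    tag, first = buf[off], buf[off + 1]
    off += 2
    if first & 0x80:                          # long-form length
        count = first & 0x7F
        length = int.from_bytes(buf[off:off + count], "big")
        off += count
    else:
        length = first
    return tag, buf[off:off + length], off + length


def encode_bind_request(message_id: int, name: str, password: str) -> bytes:
    """LDAPMessage { messageID, bindRequest [APPLICATION 0] { version 3, name, simple [0] } }.
    The password is a plain OCTET STRING: a simple bind puts it on the wire in cleartext."""
    bind_request = ber(0x60,                                    # [APPLICATION 0], constructed
                       ber(0x02, ber_int(LDAP_V3))
                       + ber(0x04, name.encode("utf-8"))        # DN, UPN or Domino name as typed
                       + ber(0x80, password.encode("utf-8")))   # simple [0], primitive
    return ber(0x30, ber(0x02, ber_int(message_id)) + bind_request)


def decode_bind_response(buf: bytes) -> dict:
    """Parse LDAPMessage { messageID, bindResponse [APPLICATION 1] LDAPResult }."""
    tag, message, _ = read_tlv(buf)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage")
    _, message_id, off = read_tlv(message)
    tag, result, _ = read_tlv(message, off)
    if tag != 0x61:                                             # [APPLICATION 1]
        raise ValueError(f"expected BindResponse, got tag 0x{tag:02x}")
    _, code, off = read_tlv(result)                             # ENUMERATED resultCode
    _, matched_dn, off = read_tlv(result, off)                  # LDAPDN matchedDN
    _, diagnostic, _ = read_tlv(result, off)                    # LDAPString diagnosticMessage
    return {"message_id": int.from_bytes(message_id, "big", signed=True),
            "result_code": int.from_bytes(code, "big", signed=True),
            "matched_dn": matched_dn.decode("utf-8", "replace"),
            "diagnostic": diagnostic.decode("utf-8", "replace")}


def encode_bind_response(message_id: int, result_code: int, diagnostic: str = "") -> bytes:
    """Constructed server reply (assumption of this example), used only to test the decoder offline."""
    result = ber(0x0A, ber_int(result_code)) + ber(0x04, b"") + ber(0x04, diagnostic.encode("utf-8"))
    return ber(0x30, ber(0x02, ber_int(message_id)) + ber(0x61, result))


def _recv_exact(sock: socket.socket, n: int) -> bytes:
    data = b""
    while len(data) < n:
        chunk = sock.recv(n - len(data))
        if not chunk:
            raise ConnectionError("server closed the connection during bind")
        data += chunk
    return data


def check_simple_bind(host: str, port: int, name: str, password: str, timeout: float = 5.0) -> dict:
    """Connect to the configured LDAP server and port, bind, and return the decoded response."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(encode_bind_request(1, name, password))
        head = _recv_exact(sock, 2)                             # tag + first length byte
        if head[1] & 0x80:
            head += _recv_exact(sock, head[1] & 0x7F)
            length = int.from_bytes(head[2:], "big")
        else:
            length = head[1]
        return decode_bind_response(head + _recv_exact(sock, length))


if __name__ == "__main__":
    # usage: python ldap_bind_check.py <LDAP server> <port> <LDAP admin account>; the password is prompted for
    host, port, name = sys.argv[1], int(sys.argv[2]), sys.argv[3]
    response = check_simple_bind(host, port, name, getpass.getpass("LDAP admin password: "))
    verdict = "OK" if response["result_code"] == RESULT_SUCCESS else f"failed, resultCode {response['result_code']}"
    print(f"simple bind as {name} on {host}:{port}: {verdict} {response['diagnostic']}".rstrip())
```

A resultCode of 0 means the account and password were accepted; 49 (invalidCredentials) means the server rejected them, which for Active Directory also covers a wrong UPN or domain\user spelling. The script only checks the bind, not the base distinguished name; a bind that succeeds with a wrong base DN still produces empty group lookups, so verify the DN with a search from the same account afterwards.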