Configuring LDAP Settings

Configure LDAP settings for user-group definition, administrator privileges, or end-user quarantine authentication. You can enable up to two LDAP servers for each InterScan™ Messaging Security Appliance (IMSA) group.

To provide a backup LDAP server, configure two LDAP servers.

To configure LDAP settings:

  1. Choose Administration > IMSA Configuration > Connections. The Components tab displays by default.

  2. Click the LDAP tab.

  3. Next to LDAP server type, choose the type of LDAP server on your network (Active Directory, Domino, or Sun iPlanet Directory).

  4. Next to Enable LDAP 1, select the check box.

  5. Next to LDAP server, type the server name or IP address.

  6. Next to Listening port number, type the port number on which the LDAP server listens for access requests.

  7. Configure the settings under LDAP 2 if necessary.

  8. Under LDAP cache expiration for policy services and EUQ services, type the Time to live in minutes.

    Time To Live—Duration for which IMSA retains LDAP query results in its cache. A longer duration speeds up LDAP lookups during policy execution, but the policy server becomes slower to pick up changes made on the LDAP server. A shorter duration means IMSA has to query the LDAP server more often, which lowers performance.

  9. Under LDAP admin, type the administrator account, the corresponding password, and the base distinguished name. Refer to the table below for what to specify in this section for each LDAP server type:

LDAP Server: Active Directory
    LDAP Admin Account (examples):
        Without Kerberos: user1@domain.com (UPN) or domain\user1
        With Kerberos: user1@domain.com
    Base Distinguished Name (examples): dc=domain, dc=com
    Authentication Method: Simple, or Advanced (with Kerberos)

LDAP Server: Domino
    LDAP Admin Account (examples): user1/domain
    Base Distinguished Name (examples): Not applicable
    Authentication Method: Simple

LDAP Server: Sun iPlanet Directory
    LDAP Admin Account (examples): uid=user1, ou=people, dc=domain, dc=com
    Base Distinguished Name (examples): dc=domain, dc=com
    Authentication Method: Simple

  10. Select an authentication method (Simple, or Advanced with Kerberos, as listed in the table above).

  11. Click Save.

If you are using the Configuration Wizard, click Next.

Notes:

1. IBM Domino supports only the Simple authentication method.

2. If the domain name in the LDAP administrator account can be resolved by DNS, Kerberos authentication succeeds regardless of the value you type in the default realm.
If the domain name in the LDAP administrator account cannot be resolved, Kerberos uses the default realm instead.
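The following is an added example, not part of the IMSA product or its documentation: a small offline pre-check that compares the values you are about to type under LDAP admin (account, base DN, authentication method) against the combinations listed in the table above, and derives the Kerberos realm implied by a UPN-style account as described in note 2. It never contacts an LDAP server, so passing it only means the values have the expected form, not that the bind will succeed. The server type strings, regular expressions and function names are the example's own assumptions.

```python
"""
Offline sanity check for the "LDAP admin" section of the IMSA LDAP tab.
Added example; not part of IMSA. It checks only the *shape* of the admin
account, base DN and authentication method against the table of supported
combinations, and does not talk to any LDAP server.
"""
import re

# Authentication methods the table allows for each server type (assumed strings).
ALLOWED_METHODS = {
    "Active Directory": {"Simple", "Advanced (with Kerberos)"},
    "Domino": {"Simple"},
    "Sun iPlanet Directory": {"Simple"},
}

UPN_RE = re.compile(r"^[^@\\/\s]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$")  # user1@domain.com
DOWNLEVEL_RE = re.compile(r"^[A-Za-z0-9.-]+\\[^@\\/\s]+$")        # domain\user1
DOMINO_RE = re.compile(r"^[^@\\/\s]+/[^@\\/\s]+$")                 # user1/domain


def parse_dn(dn):
    """Split a distinguished name such as 'dc=domain, dc=com' into
    (attribute, value) pairs. Whitespace around commas is tolerated because
    the table writes DNs that way. Returns None if any RDN is malformed."""
    pairs = []
    for rdn in dn.split(","):
        rdn = rdn.strip()
        if "=" not in rdn:
            return None
        attr, _, value = rdn.partition("=")
        attr, value = attr.strip().lower(), value.strip()
        if not attr or not value:
            return None
        pairs.append((attr, value))
    return pairs


def upn_realm(account):
    """Kerberos realm implied by a UPN-style account: the domain part of the
    account is what Kerberos resolves (note 2 above). Upper-cased, since
    Kerberos realms are conventionally written in upper case."""
    return account.split("@", 1)[1].upper() if "@" in account else None


def validate_ldap_admin(server_type, account, base_dn, auth_method):
    """Return a list of problems; an empty list means the combination is
    consistent with the table. The password is deliberately not part of
    this check so it never has to be handled by the script."""
    problems = []
    if server_type not in ALLOWED_METHODS:
        return [f"unknown LDAP server type: {server_type!r}"]
    if auth_method not in ALLOWED_METHODS[server_type]:
        problems.append(f"{server_type} does not support {auth_method}")

    # Admin account format per server type.
    if server_type == "Active Directory":
        if auth_method == "Advanced (with Kerberos)":
            if not UPN_RE.match(account):
                problems.append("Kerberos requires the UPN form user@domain")
        elif not (UPN_RE.match(account) or DOWNLEVEL_RE.match(account)):
            problems.append("expected user@domain or domain\\user")
    elif server_type == "Domino":
        if not DOMINO_RE.match(account):
            problems.append("expected user/domain")
    else:  # Sun iPlanet Directory: the account itself is a DN
        if parse_dn(account) is None:
            problems.append("expected a DN such as uid=user1,ou=people,dc=domain,dc=com")

    # Base DN: not applicable to Domino, must be a well-formed DN otherwise.
    if server_type == "Domino":
        if base_dn.strip():
            problems.append("base DN is not applicable to Domino")
    elif parse_dn(base_dn) is None:
        problems.append("base DN is not a well-formed DN")
    return problems


if __name__ == "__main__":
    # Constructed sample input mirroring the table's examples.
    print(validate_ldap_admin("Active Directory", "user1@domain.com",
                              "dc=domain, dc=com", "Advanced (with Kerberos)"))
    print(upn_realm("user1@domain.com"))
```

Run it before saving the IMSA settings: an empty list means the account, base DN and method agree with the table; each string in the list names one mismatch to correct.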
