Host Address and Port for Primary Active Directory Server
    Provide the host name or IP address and the port of the Primary Active Directory server. The port defaults to 389.

Host Name and Port for Redundant Active Directory Server
    Provide the host name or IP address and the port of the Redundant Active Directory server. The port defaults to 389.

Use SSL
    Check these boxes if you want the connection from the Unified device to the Active Directory server to be encrypted with SSL while doing authentication.

Manager Distinguished Name
    Enter the Manager Distinguished Name used to log in to the Active Directory server; for example, on a default installation of Microsoft AD: CN=Administrator, CN=users, DC=MYSERVER, DC=COM. Replace MYSERVER and COM with your respective hostname.
    Note: If a user other than the LDAP administrator is configured as the Manager Distinguished Name in the OAMP LDAP configuration, that user must have the following rights:
    - User search permissions on the domain.
    - Read access to user objects and their attributes.
    - Read access to the base DN.
    - Permission to bind to LDAP.

Manager Password
    Enter the Active Directory manager password.

Confirm Manager Password
    Confirm the Active Directory manager password.

User Search Base
    Specify the user search base. For example, on a default installation of Microsoft AD: CN=users, DC=MYSERVER, DC=COM. Replace MYSERVER and COM with your respective hostname.
    Note: This example assumes you placed the users in the USERS subtree of AD. If you created a new organizational unit within your subtree, the syntax would be OU=MYUSERS, DC=MYSERVER, DC=COM. Note that it is "OU=MYUSERS" instead of "CN=MYUSERS".

Attribute for User ID
    Whenever a user logs in, Unified Intelligence Center searches for that user in LDAP (Lightweight Directory Access Protocol) using the login attribute specified in the LDAP configuration. After the user is found, the full DN of the user is extracted and used to authenticate the user.
    The login attribute specified in the LDAP configuration is the property against which the LDAP search is issued to find the matching username. If you do not know which attribute to use, use sAMAccountName, which is the default Microsoft username attribute.
    Different organizations settle on different LDAP attributes to identify the user name across the organization, depending on the tools used to administer LDAP. This setting lets you customize the login to match the attribute in use; even a custom attribute can be specified using this dialog.
    sAMAccountName indicates that the user attribute to search for is sAMAccountName. It contains just the short user name, for example jDoe for the user John Doe.
    userPrincipalName indicates that the user attribute to search for is userPrincipalName. This attribute contains the user name in email format, user@company.com. The entire string, not just user, is therefore the user name, and when this attribute is selected the full form has to be typed as the username in the login box.
    Custom User Attribute allows you to specify the attribute used for searching for the user in LDAP.
    Note: Custom User attributes are not validated and are used as is. Ensure that the correct case and attribute name are used.
    Contact your Active Directory Administrator for the correct attribute to use.

UserName Identifiers
    Users are stored in Unified Intelligence Center in the format <UserName Identifier>\<username>.
    UserName Identifiers are used to distinguish the different kinds of users within Unified Intelligence Center: for example, local users, LDAP users, user-synced users, users from different LDAP domains, and so on.
    A username identifier has to be declared on this page before it can be used. When LDAP is configured, at least one identifier must be configured and set as default so that LDAP users can be identified in the system.
    When userPrincipalName is used as the LDAP attribute for searching users in the domain, the valid username formats have to be supplied in the form @company.com. Unlike sAMAccountName, arbitrary identifiers cannot be configured: only identifiers that exist as suffixes in the Active Directory userPrincipalName attribute should be configured here. Users are created as company\user.
    User Synchronization brings in users in the format <syncdomain>\username, and collections will have users in the same format. These users therefore have to log in to Unified Intelligence Center using the syncdomain\user syntax. To enable this, add syncdomain (or @syncdomain.com if you are using userPrincipalName) to the list of valid identifiers.
    The maximum allowed length of a UserName identifier is 128 characters.

Set Default (UserName Identifier)
    The default identifier allows users to log in without typing the full domain identifier (<domain>\user) or the userPrincipalName suffix (user@company.com) on the Login page.
    It can be set by choosing one of the identifiers from the list box and clicking the Set Default button.
    Users who need to use any other identifier can still log in by typing their full identifier in the login box, for example domain2\user or netbiosname\user, provided those identifiers have already been configured.
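The login flow described under Attribute for User ID (search by the login attribute, then use the found DN) together with the identifier handling under UserName Identifiers and Set Default, as an added worked example that is not part of the product or of this page. It assumes a constructed CONFIG, a small in-memory stand-in for the AD subtree instead of a real server, and hypothetical function names; the typed name is escaped per RFC 4515 before it is spliced into the search filter.

```python
# Constructed sample values; the keys mirror the fields on this configuration page.
CONFIG = {
    "user_search_base": "CN=users,DC=MYSERVER,DC=COM",
    "login_attribute": "sAMAccountName",          # or userPrincipalName / a custom attribute
    "identifiers": ["MYSERVER", "SYNCDOMAIN", "@myserver.com"],  # declared UserName Identifiers
    "default_identifier": "MYSERVER",
}
# Constructed stand-in for the AD subtree that the search is issued against (no real server).
DIRECTORY = {
    "CN=John Doe,CN=users,DC=MYSERVER,DC=COM": {"sAMAccountName": "jDoe", "userPrincipalName": "jDoe@myserver.com"},
    "CN=Jane Roe,CN=users,DC=MYSERVER,DC=COM": {"sAMAccountName": "jRoe", "userPrincipalName": "jRoe@myserver.com"},
}
# RFC 4515 escaping: the typed name is spliced into an LDAP filter, so metacharacters
# must not be able to widen the match (a stray '*' would turn "jDoe" into a wildcard).
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

def escape_filter_value(value):
    return "".join(_ESCAPES.get(ch, ch) for ch in value)

def split_login(typed, cfg):
    """Split login-box input into (identifier, account) using the declared identifiers."""
    if "@" in typed:                    # userPrincipalName style: user@company.com
        account, _, suffix = typed.partition("@")
        ident = "@" + suffix
    elif "\\" in typed:                 # explicit <identifier>\user
        ident, _, account = typed.partition("\\")
    else:                               # bare name: the default identifier applies
        ident, account = cfg["default_identifier"], typed
    if ident.lower() not in {i.lower() for i in cfg["identifiers"]}:
        raise ValueError("UserName identifier not declared: " + ident)
    return ident, account

def search_value(typed, cfg):
    """Attribute and value for the search: a UPN search uses the whole user@suffix string."""
    ident, account = split_login(typed, cfg)
    attr = cfg["login_attribute"]
    if attr == "userPrincipalName" and ident.startswith("@"):
        return attr, account + ident
    return attr, account

def build_search_filter(typed, cfg):
    attr, value = search_value(typed, cfg)
    return "(%s=%s)" % (attr, escape_filter_value(value))

def resolve_user_dn(typed, cfg, directory=DIRECTORY):
    """Step 1 of login: exactly one entry under the search base yields the DN for the user bind."""
    attr, value = search_value(typed, cfg)
    hits = [dn for dn, attrs in directory.items()
            if dn.lower().endswith(cfg["user_search_base"].lower())
            and attrs.get(attr, "").lower() == value.lower()]
    return hits[0] if len(hits) == 1 else None   # absent or ambiguous: no bind is attempted
```

Switching CONFIG to login_attribute "userPrincipalName" with default_identifier "@myserver.com" shows the other mode: a bare "jRoe" still resolves because the default suffix is appended, while a typed "jDoe*" resolves to nothing in either mode.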
Test Connection button
    Click to test the connection to the primary and secondary LDAP servers and display the connection status.