How do I set an LDAP server as a user repository in VigilEnt Policy Center? (NETIQKB24431)

  • 7724431
  • 02-Feb-2007
  • 25-Jan-2008

Resolution

goal
How do I set an LDAP server as a user repository in VigilEnt Policy Center?

fact
VigilEnt Policy Center 2.x

fact
VigilEnt Policy Center 2.1x

fact
VigilEnt Policy Center 3.x

fact
VigilEnt Policy Center 4.0

fix

An LDAP server can be used both to authenticate users and as the user repository. Use the following steps to configure it.

  1. On the Administration tab, click Options, and click User Repository.

  2. Click My users are in an LDAP server.

  3. In the LDAP URL field, type the URL of the LDAP server, including the host name and port. For example:

    ldap://server_name:port_number

    Note: The default port number for LDAP is 389. A plain ldap:// connection on this port is not encrypted, so the Bind DN and Password entered in steps 8 and 9 are sent to the server in the clear unless the server negotiates TLS.

  4. In the Search Base field, type the distinguished name (DN) of the top-level container below which user IDs are searched for. For example, o=server_name.com.

  5. In the Directory Base for New Users field, type the distinguished name (DN) of the LDAP container to which new users are added. Leave this field blank if users will not be added to the server through VigilEnt Policy Center. Example: ou=People,o=server_name.com.

    Note: The account VigilEnt Policy Center binds with must have the authority to add, edit and delete user and group data within this container. Those write privileges are not necessary if VigilEnt Policy Center only looks up existing users and groups.

    • When using Microsoft Exchange, leave the Directory Base for New Users field blank.

    • When using Active Directory, leave the Directory Base for New Users field blank.

  6. In the Directory Base for New Groups field, type the distinguished name (DN) of the LDAP container to which new groups are added. Leave this field blank if groups will not be added to the server through VigilEnt Policy Center. Example: ou=People,o=server_name.com.

    • When using Microsoft Exchange, leave the Directory Base for New Groups field blank.

    • When using Active Directory, leave the Directory Base for New Groups field blank.

  7. Select Anonymous Bind to connect to the LDAP server without credentials. Clear this check box to bind with a named account; the Bind DN and Password fields must then be filled in.

    • When using Microsoft Exchange, clear the Anonymous Bind check box.

    • When using Active Directory, clear the Anonymous Bind check box.

  8. If the Anonymous Bind check box is selected, leave this field blank.
    If the Anonymous Bind check box is cleared, type the full distinguished name of the account VigilEnt Policy Center should use when binding to the server in the Bind DN field, for example, uid=admin,ou=admins,o=server_name.com.

    • When using Microsoft Exchange, the Bind DN field should contain cn=alias.

    • When using Active Directory, the Bind DN field should contain the full DN of the account, for example, cn=User Name,cn=Users,dc=vpctest,dc=pentasafe,dc=com.

  9. If the Anonymous Bind check box is selected, leave this field blank.
    If the Anonymous Bind check box is cleared, type the password of the Bind DN account in the Password field.

  10. Click Update.

Note: The account used to connect to LDAP must have read privileges on the Search Base. Use a dedicated account with only those privileges rather than a directory administrator account; add/edit/delete rights are needed only when entries are created through VigilEnt Policy Center (steps 5 and 6).
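The rules in steps 3 to 10 can be checked before the values are typed into the page. The following is an added example in Python and is not VigilEnt Policy Center or NetIQ code: the RepoConfig attribute names, the finding codes, the host name server_name and the placeholder password are this example's own assumptions. It parses the LDAP URL with the port default from step 3, validates each DN, applies the Exchange and Active Directory rules from steps 5 to 7, warns when a named bind is sent over plain ldap://, and produces an OpenLDAP ldapsearch command that exercises the same URL, Search Base and Bind DN against the server.

```python
"""Pre-flight checks for the VigilEnt Policy Center LDAP user-repository fields.
Added example, not NetIQ/VigilEnt code; field and finding names are its own."""
import re
import shlex
from dataclasses import dataclass
from urllib.parse import urlsplit

DEFAULT_PORTS = {"ldap": 389, "ldaps": 636}  # 389 is the default named in step 3
# RFC 4514 RDN: attribute descriptor or numeric OID, '=', non-empty value
_RDN_RE = re.compile(r"^\s*(?:[A-Za-z][A-Za-z0-9-]*|\d+(?:\.\d+)*)\s*=\s*\S")


@dataclass
class RepoConfig:
    """The User Repository fields (attribute names are this example's own)."""
    ldap_url: str
    search_base: str
    new_users_base: str = ""      # Directory Base for New Users (step 5)
    new_groups_base: str = ""     # Directory Base for New Groups (step 6)
    anonymous_bind: bool = False  # step 7
    bind_dn: str = ""             # step 8
    password: str = ""            # step 9
    server_type: str = "generic"  # "generic", "exchange" or "activedirectory"


def parse_ldap_url(url):
    """Return (scheme, host, port); port defaults to 389 for ldap://, 636 for ldaps://."""
    parts = urlsplit(url)
    if parts.scheme not in DEFAULT_PORTS or not parts.hostname:
        raise ValueError(f"expected ldap://server_name:port_number, got {url!r}")
    return parts.scheme, parts.hostname, parts.port or DEFAULT_PORTS[parts.scheme]


def parse_dn(dn):
    """Split a DN on unescaped commas into normalised RDNs; None if any part is not
    attr=value.  'ou=People,o=server_name.com' -> ['ou=people', 'o=server_name.com']"""
    rdns = re.split(r"(?<!\\),", dn)
    if not dn.strip() or not all(_RDN_RE.match(r) for r in rdns):
        return None
    return [re.sub(r"\s*=\s*", "=", r.strip()).lower() for r in rdns]


def is_under(child, parent):
    """True when DN 'child' equals or lies beneath DN 'parent'."""
    c, p = parse_dn(child), parse_dn(parent)
    return c is not None and p is not None and len(c) >= len(p) and c[-len(p):] == p


def check(cfg):
    """Return (severity, code, message) findings; an empty list means the values
    are consistent with the procedure above."""
    out = []
    try:
        scheme, host, port = parse_ldap_url(cfg.ldap_url)
        if scheme == "ldap" and not cfg.anonymous_bind:
            out.append(("warn", "CLEARTEXT", f"ldap://{host}:{port} is unencrypted; "
                        "the Bind DN password travels in the clear unless TLS is negotiated"))
    except ValueError as exc:
        out.append(("error", "BAD_URL", str(exc)))
    if parse_dn(cfg.search_base) is None:
        out.append(("error", "BAD_DN", f"Search Base is not a DN: {cfg.search_base!r}"))
    ms_directory = cfg.server_type in ("exchange", "activedirectory")
    for label, base in (("New Users", cfg.new_users_base), ("New Groups", cfg.new_groups_base)):
        if not base:
            continue  # blank is allowed: no entries will be created through the product
        if ms_directory:  # steps 5 and 6: must be blank for Exchange and Active Directory
            out.append(("error", "BASE_MUST_BE_BLANK",
                        f"Directory Base for {label} must be blank for {cfg.server_type}"))
        elif parse_dn(base) is None:
            out.append(("error", "BAD_DN", f"Directory Base for {label} is not a DN: {base!r}"))
        elif not is_under(base, cfg.search_base):
            # assumption: entries created outside the Search Base would not be found by lookups
            out.append(("warn", "BASE_OUTSIDE_SEARCH",
                        f"Directory Base for {label} is outside the Search Base"))
    if cfg.anonymous_bind:
        if ms_directory:  # step 7: Anonymous Bind is cleared for Exchange and Active Directory
            out.append(("error", "NO_ANONYMOUS", f"{cfg.server_type} needs a Bind DN and Password"))
        if cfg.bind_dn or cfg.password:  # steps 8 and 9: unused when binding anonymously
            out.append(("error", "ANON_WITH_CREDENTIALS",
                        "Bind DN and Password must be blank with Anonymous Bind"))
    elif not cfg.bind_dn or not cfg.password:
        out.append(("error", "MISSING_CREDENTIALS",
                    "Bind DN and Password are required without Anonymous Bind"))
    elif parse_dn(cfg.bind_dn) is None:
        out.append(("error", "BAD_DN", f"Bind DN is not a DN: {cfg.bind_dn!r}"))
    return out


def ldapsearch_command(cfg):
    """OpenLDAP ldapsearch line that exercises the same URL, Search Base and bind;
    -W prompts for the password so it never lands in shell history."""
    cmd = ["ldapsearch", "-LLL", "-x", "-H", cfg.ldap_url, "-b", cfg.search_base, "-s", "base"]
    if not cfg.anonymous_bind:
        cmd += ["-D", cfg.bind_dn, "-W"]
    return shlex.join(cmd + ["(objectClass=*)"])


# Constructed sample: the Active Directory Bind DN form quoted in the procedure above,
# with an assumed host name and a placeholder password.
AD_EXAMPLE = RepoConfig(
    ldap_url="ldap://server_name",
    search_base="dc=vpctest,dc=pentasafe,dc=com",
    bind_dn="cn=User Name,cn=Users,dc=vpctest,dc=pentasafe,dc=com",
    password="placeholder",
    server_type="activedirectory",
)

if __name__ == "__main__":
    for severity, code, message in check(AD_EXAMPLE):
        print(f"{severity}: {code}: {message}")
    print(ldapsearch_command(AD_EXAMPLE))
```

Running the sample reports only the CLEARTEXT warning, because the Active Directory values follow every rule above but use a plain ldap:// URL; the printed ldapsearch line can then be run from any host with the OpenLDAP client tools to confirm that the Bind DN and Search Base are accepted by the server before they are saved in the product.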

Additional Information

Formerly known as NETIQKB24431