How do I set Active Directory using LDAP as the User Repository in VPC 5.0?
VigilEnt Policy Center 5.0
To set Active Directory as the user repository:
- On the Administration tab, click Options, and then click Repository.
- On the Repository tab, click Add.
- On the Repository Options page, type the name of the repository in the Name field. VPC does not accept the following characters in this field: / \ * ? < > |
- NOTE: Because VPC lists the repository name after every user and group name in username@repositoryname format, make the entry in this field 10 characters or less to avoid unnecessarily long identifiers.
- Optional. Type the email address for the repository administrator in the E-mail field.
- Click My users are in an LDAP server.
- Expand Field Mappings and click Active Directory to set the default attribute mappings for Active Directory.
- Expand LDAP Configuration.
- Optional. If you have more than 999 users or your repository contains contacts, select the Use native ADSI to connect to server check box. The standard LDAP interface permits only a fixed number of query results returned by the Active Directory server, usually 1,000. ADSI permits the enumeration of entire lists and avoids incorrect reports, limited access to user lists, and other incorrect or misleading results in VPC. ADSI also may help increase performance at organizations with a large number of groups and users in an Active Directory server.
- Optional. If you are using SSL, select the Yes check box.
- For LDAP URL, type one of the following lines of data:
  - The location of the fully-qualified URL. Use the following format: LDAP://<server name>
  - The IP address of the server and the LDAP TCP port. Use the following format: LDAP://192.168.72.1:389
- NOTE: The default LDAP TCP port is 389. The default LDAP TCP Global Catalog port is 3268.
- For Search Base, type the name of the root level or highest level in the folder structure, for example, dc=<domain name>,dc=com. VPC uses the entry to search for user accounts. Specifying the highest folder level ensures that VPC finds all user accounts in the database.
- Select the Anonymous Bind check box to connect to an LDAP server anonymously. Clear this check box to identify the connection. If you clear this check box, VPC requires information in the Bind DN and Password fields. If you are using Microsoft Exchange, clear the Anonymous Bind check box.
- For Bind DN, type the full distinguished name of the account VPC uses when binding to the server. The account should have permissions to browse the entire contents of the Search Base and enumerate groups, for example:
- NOTE: If the value contains spaces, use quotation marks around the text, for example, cn="policy admin",ou="san jose",dc=globalcorp,dc=com.
- For Password, type the password for the Bind DN account.
- Click Save.
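The following is an added pre-flight check, not part of VigilEnt Policy Center, that encodes the constraints the procedure above states (characters VPC rejects in the Name field, the 10-character advice, the two LDAP URL forms with 389 as the default port, the Anonymous Bind versus Bind DN/Password rule, quoting of DN values that contain spaces, and the ADSI recommendation above 999 users or when contacts are present). The field names in RepositoryOptions and all sample values are assumptions modelled on the page; nothing here connects to a directory server, it only checks that a planned repository definition is consistent before you click Save.

```python
"""Pre-flight validator for a VPC 5.0 Active Directory (LDAP) repository definition.

Added example; not VigilEnt Policy Center code. Field names are assumptions
modelled on the Repository Options page described above.
"""
from dataclasses import dataclass
from typing import List, Tuple
from urllib.parse import urlsplit

FORBIDDEN_NAME_CHARS = set('/\\*?<>|')   # characters VPC rejects in the Name field
NAME_ADVISED_MAX = 10                     # keeps username@repositoryname short
DEFAULT_LDAP_PORT = 389                   # default LDAP TCP port (Global Catalog is 3268)
LDAP_RESULT_LIMIT = 999                   # above this the page advises native ADSI


@dataclass
class RepositoryOptions:
    """Assumed model of the fields filled in on the Repository Options page."""
    name: str
    ldap_url: str
    search_base: str
    anonymous_bind: bool = False
    bind_dn: str = ""
    password: str = ""
    use_native_adsi: bool = False
    expected_users: int = 0
    has_contacts: bool = False
    uses_exchange: bool = False


def quote_dn_values(dn: str) -> str:
    """Quote RDN values that contain spaces, as the NOTE describes, e.g.
    cn=policy admin,ou=san jose,dc=globalcorp,dc=com becomes
    cn="policy admin",ou="san jose",dc=globalcorp,dc=com.
    Values that are already quoted are left unchanged."""
    parts = []
    for rdn in dn.split(','):
        attr, sep, value = rdn.partition('=')
        if sep and ' ' in value and not (value.startswith('"') and value.endswith('"')):
            value = f'"{value}"'
        parts.append(f'{attr.strip()}{sep}{value}')
    return ','.join(parts)


def parse_ldap_url(url: str) -> Tuple[str, int]:
    """Accept LDAP://<server name> or LDAP://<ip address>:<port> and return
    (host, port); a missing port means the default LDAP TCP port 389."""
    parsed = urlsplit(url)
    if parsed.scheme.lower() != 'ldap' or not parsed.hostname:
        raise ValueError(f'LDAP URL must look like LDAP://<server name>[:port], got {url!r}')
    return parsed.hostname, parsed.port or DEFAULT_LDAP_PORT


def validate(opts: RepositoryOptions) -> List[str]:
    """Return the list of problems found; an empty list means the definition
    is consistent with the rules in the procedure."""
    issues: List[str] = []
    bad = FORBIDDEN_NAME_CHARS & set(opts.name)
    if bad:
        issues.append('Name contains characters VPC rejects: ' + ''.join(sorted(bad)))
    if len(opts.name) > NAME_ADVISED_MAX:
        issues.append('Name is longer than 10 characters; username@repositoryname identifiers get long')
    try:
        parse_ldap_url(opts.ldap_url)
    except ValueError as exc:
        issues.append(str(exc))
    if not opts.search_base.lower().startswith('dc='):
        issues.append('Search Base is not the directory root (dc=<domain name>,dc=com); '
                      'user accounts outside it will not be found')
    if opts.anonymous_bind:
        if opts.uses_exchange:
            issues.append('Clear Anonymous Bind when using Microsoft Exchange')
    else:
        if not opts.bind_dn or not opts.password:
            issues.append('Bind DN and Password are required when Anonymous Bind is cleared')
        elif quote_dn_values(opts.bind_dn) != opts.bind_dn:
            issues.append('Bind DN values containing spaces need quotes: ' + quote_dn_values(opts.bind_dn))
    if (opts.expected_users > LDAP_RESULT_LIMIT or opts.has_contacts) and not opts.use_native_adsi:
        issues.append('More than 999 users or contacts present: select "Use native ADSI to connect to server"')
    return issues


if __name__ == '__main__':
    # Constructed sample definition; the Bind DN and domain are made up.
    sample = RepositoryOptions(
        name='corpAD',
        ldap_url='LDAP://192.168.72.1:389',
        search_base='dc=globalcorp,dc=com',
        bind_dn='cn=policy admin,ou=san jose,dc=globalcorp,dc=com',
        password='<placeholder>',
        expected_users=5000,
    )
    for problem in validate(sample) or ['No problems found']:
        print(problem)
```

Run it as a script to review a definition before saving; the sample prints the two findings the page warns about (an unquoted Bind DN with spaces, and a user count above the standard LDAP result limit without ADSI selected).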