Lightweight Directory Access Protocol (LDAP) is a directory service for centralizing management of users, groups, hostnames, and other resources (called objects). This service on the appliance acts as an LDAP client so that:
LDAP users can log in to the FTP and HTTP services.
LDAP user names (instead of numerical IDs) can be used to configure root directory ACLs on a share.
LDAP users can be granted privileges for appliance administration. The appliance supplements LDAP information with its own privilege settings.
The LDAP server's certificate can be self-signed.
You cannot supply a list of trusted CA certificates; each certificate must be individually accepted by the appliance administrator.
When an LDAP server's certificate expires, you must delete the server from the list and then add it again to accept its new certificate.
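As an added example (not part of the appliance documentation or the vendor's code), the following shell functions use the openssl command-line tool to inspect an LDAP server's certificate before it is individually accepted, and to flag one that is close to expiry so the delete-and-re-add step can be planned. The host name, port 636 (LDAPS), file names and the 30-day warning window are assumptions.

```shell
#!/bin/sh
# Added example: review an LDAP server certificate out of band before
# accepting it on the appliance, and watch for upcoming expiry.
# Usage (placeholder host):
#   fetch_ldaps_cert ldap.example.test 636 server.pem
#   cert_fingerprint server.pem; cert_status server.pem 30

# Save the leaf certificate presented on an LDAPS port as PEM.
# usage: fetch_ldaps_cert HOST PORT OUTFILE
fetch_ldaps_cert() {
    openssl s_client -connect "$1:$2" -servername "$1" </dev/null 2>/dev/null \
        | openssl x509 -outform PEM >"$3"
}

# Print the SHA-256 fingerprint (colon-separated hex) so it can be compared
# with the value the LDAP server's administrator reports.
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# Print one of: unreadable, expired, expiring, ok.
# usage: cert_status PEMFILE [WARN_DAYS]   (WARN_DAYS defaults to 30)
cert_status() {
    warn_secs=$(( ${2:-30} * 86400 ))
    if ! openssl x509 -in "$1" -noout >/dev/null 2>&1; then
        echo unreadable
    elif ! openssl x509 -in "$1" -noout -checkend 0 >/dev/null 2>&1; then
        echo expired      # server must be deleted and added again
    elif ! openssl x509 -in "$1" -noout -checkend "$warn_secs" >/dev/null 2>&1; then
        echo expiring     # plan the re-acceptance before this date
    else
        echo ok
    fi
}

# Succeed when subject and issuer match, which is what a self-signed
# certificate looks like; there is then no CA chain to fall back on and
# the fingerprint comparison is the only identity check.
is_self_issued() {
    subj=$(openssl x509 -in "$1" -noout -subject -nameopt RFC2253 | sed 's/^subject= *//')
    issr=$(openssl x509 -in "$1" -noout -issuer -nameopt RFC2253 | sed 's/^issuer= *//')
    [ "$subj" = "$issr" ]
}
```
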
To configure LDAP, see the following sections: