LDAP Properties
For the appropriate settings for your environment, consult with your LDAP server administrator.
The tables in this section describe LDAP schema properties, security properties, and server properties.
Table 3-19 LDAP Schema Properties
BUI Property | CLI Property | Description |
---|---|---|
Base search DN | | The Distinguished Name of the base object, which is the starting point for directory searches. A default subtree specification is automatically prepended to this base search DN: |
Search scope | | Which objects in the LDAP directory are searched, relative to the base object. For non-recursive, or For recursive, or |
Schema definition for Users, Groups, and Netgroups | | The schema used by the appliance. Use these properties to override the default search descriptor (base DN plus a default subtree specification), attribute mappings, and object class mappings for users, groups, and netgroups. For more information, see LDAP Custom Mappings. |
Table 3-20 LDAP Security Properties
BUI Property | CLI Property | Description |
---|---|---|
Authenticate as | | Credentials used to authenticate the appliance to the LDAP server. See LDAP Security Settings for descriptions of these choices. |
Enable SSL/TLS | | Toggles TLS (Transport Layer Security, the descendant of SSL) to establish secure connections to the LDAP server. If authenticating as Self, this option is not available because Self uses Kerberos encryption. If you specify port 636 when an LDAP server is added, the system configures LDAP and raw TLS. If you specify any other port when an LDAP server is added (typically 389), the system configures LDAP and StartTLS. When using raw TLS, a separate dedicated port is used for the secure TLS connection. With StartTLS, the LDAP server does not require a dedicated port to establish the encrypted LDAP connection; the LDAP server uses the same 389 port for a TLS connection. |
Authentication Method | | Method used to authenticate the appliance to the LDAP server. If authenticating as Proxy, select the Simple or SASL/DIGEST-MD5 authentication method and set the DN and password. In the CLI, set |
DN | | The distinguished name of the account that will be used for proxy authentication. |
Password | | The password for the proxy DN account. |
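The two modes in the Enable SSL/TLS row differ in the first bytes on the wire: raw TLS opens with a TLS handshake, while StartTLS opens with a cleartext LDAP extended request that the server must accept before TLS begins. The following Python is an added example, not appliance or vendor code; the function names are illustrative assumptions and the sample messages are constructed.

```python
# Added example: what an LDAP client sends first in each mode.
# All sample messages are constructed for illustration.
STARTTLS_OID = b"1.3.6.1.4.1.1466.20037"  # StartTLS extended operation (RFC 4511)


def mode_for_port(port: int) -> str:
    """Mode chosen from the server port, as the table describes."""
    return "raw TLS" if port == 636 else "StartTLS"


def starttls_request(message_id: int = 1) -> bytes:
    """BER-encode the ExtendedRequest that asks for a TLS upgrade (message_id < 128)."""
    name = b"\x80" + bytes([len(STARTTLS_OID)]) + STARTTLS_OID  # [0] requestName
    ext = b"\x77" + bytes([len(name)]) + name                    # [APPLICATION 23]
    body = b"\x02\x01" + bytes([message_id]) + ext               # messageID INTEGER
    return b"\x30" + bytes([len(body)]) + body                   # LDAPMessage SEQUENCE


def starttls_accepted(response: bytes) -> bool:
    """True only if the ExtendedResponse carries resultCode success (0).

    Handles the short-form lengths of these small messages; anything
    malformed or unexpected counts as a refusal (fail closed).
    """
    try:
        if response[0] != 0x30 or response[1] != len(response) - 2:
            return False
        if response[2] != 0x02:                  # messageID INTEGER
            return False
        pos = 4 + response[3]                    # skip the messageID value
        if response[pos] != 0x78:                # [APPLICATION 24] ExtendedResponse
            return False
        tag, length, code = response[pos + 2:pos + 5]
        return tag == 0x0A and length == 1 and code == 0  # ENUMERATED success
    except (IndexError, ValueError):
        return False


def first_flight(data: bytes) -> str:
    """Classify the first bytes seen on a new connection to the LDAP port."""
    if data[:2] == b"\x16\x03":                  # TLS handshake record
        return "TLS handshake (raw TLS)"
    if data[:1] == b"\x30":                      # BER SEQUENCE: cleartext LDAP
        return "StartTLS request" if STARTTLS_OID in data else "cleartext LDAP"
    return "unknown"


# Constructed server replies: success, and a non-success result (2, protocolError).
OK_RESPONSE = bytes.fromhex("300c02010178070a010004000400")
REFUSED = bytes.fromhex("300c02010178070a010204000400")
```

With StartTLS, bind credentials should only be sent after the server's success response and a completed TLS handshake; a refusal such as `REFUSED` should end the connection rather than fall back to cleartext.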
Table 3-21 LDAP Server Properties
BUI Property | CLI Property | Description |
---|---|---|
 | | See the description of the server property for an explanation of the effect of the server order setting on a list of servers. |
Server | | The list of LDAP servers to use. |