Selecting LDAP as the UM Repository

When LDAP is configured as the UM repository, all user information is stored in the Directory Server. The User Management application supports two commercial LDAP servers: Microsoft Active Directory and Sun ONE Directory Server 5.2 (iPlanet). These products have different schemas and usually support different sets of controls and attributes, which is why several of the settings below have Active Directory-specific values.

1.  Open the User Management Administration tool and click LDAP settings.

The LDAP Settings window appears.

2.  Add the server name to the User Directory Hosts list. You can add several hosts to the list and change the order of the host names. If the connection to the first host (the one at the top of the list) fails, the following hosts are tried in list order.

3.  Set the Port in the User Directory Port field.

Secured and non-secured connections usually use different ports: by convention 389 for plain LDAP and 636 for LDAP over SSL (LDAPS).

4.  If the LDAP connection is to be secured (SSL), check the Secured LDAP Connection box. Without it, the bind credentials and the users' passwords cross the network in clear text during the simple bind.

5.  Enter the Base DN under which the user accounts are located in the LDAP server. Searches start from this entry, so accounts outside it are not found.

6.  Enter the URLs for changing user password in the Change/Forgot password URL fields.

The User Management application opens these URLs when a user clicks the corresponding button in the Login dialog box, for example after forgetting the password.

7.  Click on the Credentials tab.

8.  Set the Bind user name and password to be used for the LDAP pre-authentication stage (bind).

This account performs the initial bind under which the User Login Name is looked up and translated into an LDAP Distinguished Name (DN); the user's own password is then verified against that DN. Because it only needs to search the Base DN, use a dedicated read-only account rather than an administrative one.

9.  If an Anonymous bind is to be performed, check the Anonymous Bind checkbox. Active Directory does not permit anonymous searches by default, so this option normally applies only to a directory that has been configured to allow them.

10. Click the Prefixes tab.

11. Attach a Group prefix to the Group name in the Group Prefixes list.

Any LDAP group whose name carries a configured prefix is listed in the User Management group list with the prefix removed. A User Management group with that (prefix-less) name must also exist in the User Management application for the mapping to take effect.

12. Attach a Role prefix to the role name in the Role Prefixes list.

13. Click the Advanced Settings tab.

14. Set the search method to Whole subtree starting with Base DN.

15. Set the objectclass filter to objectclass=*.

16. Set the unique user identifier attribute name; for Active Directory, set sAMAccountName.

17. Check the Build user DN dynamically box.

18. Click the Authentication Result tab.

19. Set the page size limit for the LDAP Query.

The paged query divides the result into pages of the specified size.

20. Select Paging Control (LDAP Query-type field).

For Active Directory, select Paged Query or No Paging. Note that Active Directory returns at most MaxPageSize entries (1000 by default) to a search that does not use paging, so with No Paging a larger result set is truncated.

21. Select the Error handling method.

For Active Directory, select Active Directory Error Codes only.
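The following is an added example, not code from the User Management product, that models the search-then-bind flow the settings in steps 1 to 21 configure: failover through the host list, the service-account (or anonymous) pre-authentication bind, a whole-subtree search under the Base DN for the unique identifier attribute, a bind as the resolved DN, and group-prefix mapping. The directory is an in-memory stand-in for Active Directory, and every host name, DN, account, password and group in it is constructed. The one detail the page leaves implicit is shown explicitly: the login name is escaped per RFC 4515 before it is placed in the search filter, so a login such as `jdoe)(objectclass=*` cannot rewrite the filter.

```python
"""Search-then-bind flow behind the LDAP settings above. Added example, not product
code: setting names mirror the page's steps, the directory is an in-memory stand-in
for Active Directory, and every host, DN, account and group here is constructed."""
import re
from dataclasses import dataclass

# RFC 4515: characters that must be escaped inside a filter assertion value. Without
# this a login name such as "x)(objectclass=*" would rewrite the search filter.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}

def escape_filter_value(value: str) -> str:
    return "".join(_ESCAPES.get(ch, ch) for ch in value)

def build_user_filter(objectclass_filter: str, uid_attr: str, login: str) -> str:
    """Steps 15-16: AND the objectclass filter with the unique-identifier lookup."""
    return f"(&({objectclass_filter})({uid_attr}={escape_filter_value(login)}))"

def map_group(ldap_group: str, prefixes: tuple):
    """Step 11: 'UM_Agents' with prefix 'UM_' is UM group 'Agents'; no prefix, no mapping."""
    for prefix in prefixes:
        if ldap_group.startswith(prefix):
            return ldap_group[len(prefix):]
    return None

@dataclass(frozen=True)
class LdapSettings:
    hosts: tuple                                # step 2: tried top-down until one answers
    base_dn: str                                # step 5
    bind_dn: str = ""                           # step 8: read-only service account
    bind_password: str = ""
    anonymous_bind: bool = False                # step 9
    group_prefixes: tuple = ()                  # step 11
    objectclass_filter: str = "objectclass=*"   # step 15
    uid_attr: str = "sAMAccountName"            # step 16
    page_size: int = 500                        # step 19

class FakeActiveDirectory:
    """In-memory stand-in for a domain controller; attributes are keyed as filters spell them."""
    MAX_PAGE_SIZE = 1000   # AD's default MaxPageSize policy value

    def __init__(self, reachable_hosts, entries):
        self.reachable, self.entries = set(reachable_hosts), entries   # {dn: {"attrs":..,"password":..}}

    def connect(self, cfg: LdapSettings) -> str:
        for host in cfg.hosts:                  # step 2: failover in list order
            if host in self.reachable:
                return host
        raise ConnectionError("no User Directory Host reachable")

    def bind(self, dn: str, password: str) -> bool:
        entry = self.entries.get(dn)            # empty password = unauthenticated bind, never a pass
        return bool(password) and entry is not None and entry["password"] == password

    def search(self, base_dn: str, ldap_filter: str, page_size: int) -> list:
        """Step 14: whole-subtree search under base_dn (filter shape of build_user_filter only)."""
        m = re.fullmatch(r"\(&\((\w+)=(.*?)\)\((\w+)=(.*)\)\)", ldap_filter)
        if not m:
            raise ValueError("unsupported filter: " + ldap_filter)
        oc_attr, oc_val, uid_attr, uid_val = m.groups()
        uid_val = re.sub(r"\\([0-9a-fA-F]{2})", lambda e: chr(int(e.group(1), 16)), uid_val).casefold()
        hits = []
        for dn, entry in self.entries.items():
            in_subtree = dn.casefold().endswith("," + base_dn.casefold())
            oc_ok = oc_val == "*" or oc_val in entry["attrs"].get(oc_attr, ())
            if in_subtree and oc_ok and entry["attrs"].get(uid_attr, "").casefold() == uid_val:
                hits.append(dn)
        return hits[: min(page_size, self.MAX_PAGE_SIZE)]   # first page only

    def groups_of(self, dn: str) -> list:
        """memberOf holds group DNs; return their CNs."""
        return [g.split(",")[0].split("=", 1)[1] for g in self.entries[dn]["attrs"].get("memberOf", [])]

def authenticate(directory, cfg: LdapSettings, login: str, password: str):
    """Return (user_dn, um_groups) on success, None on any failure."""
    directory.connect(cfg)
    # Steps 8-9: pre-authentication bind as the service account (or anonymous).
    if not cfg.anonymous_bind and not directory.bind(cfg.bind_dn, cfg.bind_password):
        return None
    # Step 17: resolve the login name to a DN by searching rather than string-building it.
    matches = directory.search(cfg.base_dn, build_user_filter(cfg.objectclass_filter, cfg.uid_attr, login), cfg.page_size)
    if len(matches) != 1:                       # the identifier must select exactly one entry
        return None
    if not directory.bind(matches[0], password):   # the user's own password is checked by binding as that DN
        return None
    groups = (map_group(g, cfg.group_prefixes) for g in directory.groups_of(matches[0]))
    return matches[0], tuple(g for g in groups if g)

SAMPLE_DIRECTORY = FakeActiveDirectory(
    reachable_hosts={"dc2.example.com"},        # dc1 is "down" so the second host is used
    entries={
        "CN=svc-um,OU=Service Accounts,DC=example,DC=com": {
            "attrs": {"objectclass": ["user"], "sAMAccountName": "svc-um"}, "password": "S3rvice!"},
        "CN=John Doe,OU=Users,DC=example,DC=com": {
            "attrs": {"objectclass": ["user"], "sAMAccountName": "jdoe",
                      "memberOf": ["CN=UM_Agents,OU=Groups,DC=example,DC=com",
                                   "CN=Domain Users,CN=Users,DC=example,DC=com"]},
            "password": "Jd0e-pass"}})

SETTINGS = LdapSettings(hosts=("dc1.example.com", "dc2.example.com"), base_dn="DC=example,DC=com",
                        bind_dn="CN=svc-um,OU=Service Accounts,DC=example,DC=com",
                        bind_password="S3rvice!", group_prefixes=("UM_",))

if __name__ == "__main__":
    print(authenticate(SAMPLE_DIRECTORY, SETTINGS, "jdoe", "Jd0e-pass"))
    print(authenticate(SAMPLE_DIRECTORY, SETTINGS, "jdoe)(objectclass=*", "Jd0e-pass"))   # None
```

Against a real server the same flow is what the Testing the LDAP Configuration topic exercises; the stand-in exists only so the logic can be run offline. Two properties are worth keeping in mind when entering the settings: the search must resolve to exactly one entry (a duplicate identifier value under the Base DN is treated as a failure, not a guess), and a narrower Base DN silently excludes accounts outside it rather than raising an error.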

See this topic:

Testing the LDAP Configuration