Basic configuration: LDAP mode

Follow these steps to configure basic LDAP mode settings for user authentication.

Before you begin

Make sure that you can connect to your LDAP server through telnet or any other mechanism before you set up the Cloud Extender®.

Procedure

  1. Configure your LDAP setup by using the following options:
    [Image: Configure LDAP window in the Cloud Extender Configuration Tool]
    Option: Description
    Configuration profile name: The name of your authentication profile.

    The Cloud Extender for LDAP authentication supports multiple authentication profiles for cross-forest/cross-domain authentication.

    LDAP Type: The LDAP server type in your environment.
    The Cloud Extender supports the following LDAP server types:
    • IBM® Domino® LDAP
    • Oracle LDAP
    • Novell eDirectory
    • Microsoft Active Directory
    • OpenLDAP (for any customized directory)
    Use Secure LDAP: Enable this option if your LDAP supports secure authentication.
    Servers: The host name and the port of your LDAP server.

    The Cloud Extender supports multiple LDAP servers when they are mirroring LDAP servers.

    Authentication Type: The authentication type is either Basic or Digest based on your LDAP environment.
    Bind Username/Bind Password: The admin user name and password of your service account. This account is used to bind to LDAP to authenticate other users.

    Some implementations of LDAP accept the bind user name in a standard format like user@company.com, while other LDAP implementations might require a Distinguished Name (DN) of the user.

    The following example shows the DN format: uid=username,c=us,ou=subdomain,dc=company,dc=com

    LDAP Search base for Users: The search base for users is the root location in your directory from which all user searches start.

    The Cloud Extender discovers any user under the hierarchy. Enter the Distinguished Name (DN) of the Organizational Unit (OU) that has users. Related information: Automatic OU lookup from the Corporate Directory (User Authentication)

    User Search Attribute: The name of the LDAP field that identifies the user in your directory. The name varies between the LDAP types and you can use only one attribute.

    The following list includes common user search attributes:
    • Active Directory
      • samAccountName (DOMAIN\username)
      • email (user@company.com)
      • userPrincipalName (user@domain.company.com)
    • OpenLDAP
      • mail (user@company.com)
      • uid (user)
    • Novell eDirectory
      • mail (user@company.com)
      • cn (user)
    • Oracle LDAP
      • loginid (user)
      • mail (user@company.com)
      • uid (user)
    • IBM Domino LDAP
      • cn (user)
      • mail (user@company.com)
      • uid (user)
    LDAP Search Base for Groups (Optional): The search base for groups is the location on your directory that includes all defined user groups.

    This option is similar to the LDAP Search base for Users option. The Cloud Extender uses this attribute to discover all groups from this root location.

  2. Click Next to validate the credentials. The following message is displayed when configuration is successful.
    [Image: LDAP configuration successful message]
    If a failure message is displayed, check LDAP connectivity from the Cloud Extender server, and verify the port, credentials, and authentication type.
    [Image: LDAP server not reachable message]
  3. Test authentication by using a normal user name and password.
    [Image: Test authentication window]
  4. Test reachability to determine how deep into the directory your service account can view.
  5. Select Show Values to view all attributes of the test user who authenticated successfully.
    [Image: Sample values for user authentication window]
  6. Click Next.
    You are prompted to create multiple user authentication profiles to integrate with another forest domain.
    [Image: Configure cross-forest authentication prompt]
  7. Repeat the previous steps for any additional authentication profiles you require. If you use only one profile, click No and complete the configuration to view the connection summary.
  8. Click Next to configure automatic updates.
  9. Click Finish to complete the setup and exit the Cloud Extender Configuration Tool.
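
A pre-flight check for the step 1 values, as an added example that is not part of the Cloud Extender or its documentation: it checks the bind user name and search bases against the formats described above, enforces the single user search attribute, and flags a profile with Use Secure LDAP off. The profile key names and the DN check are simplified assumptions, and "Secure LDAP" is assumed to mean LDAP over TLS.

```python
import re

# Common user search attributes per LDAP type, copied from the list on this page.
COMMON_ATTRS = {
    "Microsoft Active Directory": {"samaccountname", "email", "userprincipalname"},
    "OpenLDAP": {"mail", "uid"},
    "Novell eDirectory": {"mail", "cn"},
    "Oracle LDAP": {"loginid", "mail", "uid"},
    "IBM Domino LDAP": {"cn", "mail", "uid"},
}
RDN = re.compile(r"^[A-Za-z][A-Za-z0-9-]*=.+$")        # one "attr=value" component
UPN = re.compile(r"^[^@\s=,]+@[^@\s=,]+\.[^@\s=,]+$")   # user@company.com style
SERVER = re.compile(r"^[A-Za-z0-9.-]+:\d{1,5}$")        # host:port (format only)

def is_dn(value):
    """Simplified DN check: every comma-separated part looks like attr=value."""
    return all(RDN.match(p.strip()) for p in re.split(r"(?<!\\),", value or ""))

def bind_name_format(name):
    """Classify the bind user name as 'dn', 'upn' or 'unknown'."""
    return "dn" if is_dn(name) else "upn" if UPN.match(name or "") else "unknown"

def check_profile(p):
    """Return (severity, message) findings for one profile dict."""
    out = []
    if p["ldap_type"] not in COMMON_ATTRS:
        out.append(("error", "unknown LDAP type"))
    out += [("error", f"server '{s}' is not host:port")
            for s in p["servers"] if not SERVER.match(s)]
    if not p["use_secure_ldap"]:
        out.append(("warn", "Secure LDAP is off: binds are not protected by TLS"))
    if bind_name_format(p["bind_username"]) == "unknown":
        out.append(("warn", "bind user name is neither user@domain nor a DN"))
    if not is_dn(p["user_search_base"]):
        out.append(("error", "user search base is not a DN"))
    if p.get("group_search_base") and not is_dn(p["group_search_base"]):
        out.append(("error", "group search base is not a DN"))
    attr = p["user_search_attribute"]
    if not re.fullmatch(r"[A-Za-z][A-Za-z0-9-]*", attr):
        out.append(("error", "enter exactly one user search attribute"))
    elif attr.lower() not in COMMON_ATTRS.get(p["ldap_type"], set()):
        out.append(("info", f"'{attr}' is not in this page's common list"))
    return out

# Constructed sample profile; the key names are hypothetical, not Cloud Extender's.
SAMPLE = {"ldap_type": "OpenLDAP", "servers": ["ldap1.company.com:389"],
          "use_secure_ldap": False, "user_search_attribute": "uid",
          "bind_username": "uid=username,c=us,ou=subdomain,dc=company,dc=com",
          "user_search_base": "ou=subdomain,dc=company,dc=com"}
```

Calling `check_profile(SAMPLE)` returns a single warning, because the constructed profile is well formed but has Use Secure LDAP turned off.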