Basic configuration: LDAP mode

Follow these steps to configure basic LDAP mode settings for user authentication.

Before you begin

Make sure that you can connect to your LDAP server through telnet or any other mechanism before you set up the Cloud Extender®.

Procedure

  1. Configure your LDAP setup by using the following options:
    Configure LDAP window
  2. Enter your LDAP information and click Next to validate your credentials:
    LDAP server information window
    Option: Description
    Profile Name: The name of your authentication profile.

    The Cloud Extender for LDAP authentication supports multiple authentication profiles for cross-forest/cross-domain authentication.

    LDAP Type: The LDAP server type in your environment.
    The Cloud Extender supports the following LDAP server types:
    • IBM® Domino® LDAP
    • Oracle LDAP
    • Novell eDirectory
    • Microsoft Active Directory
    • OpenLDAP (for any customized directory)
    Server: The host name and the port of your LDAP server.

    The Cloud Extender supports multiple LDAP servers when they are mirrored LDAP servers.

    LDAP Username and Password: The admin user name and password of your service account. This account is used to bind to LDAP to authenticate other users.

    Some implementations of LDAP accept the bind user name in a standard format like user@company.com, while other LDAP implementations might require a Distinguished Name (DN) of the user.

    The following example shows the DN format: uid=username,c=us,ou=subdomain,dc=company,dc=com

    Authentication Type: The authentication type, such as Basic or Digest, based on your LDAP environment.
    SSL: Enable this option if your LDAP server supports secure authentication.
    LDAP Search base for Users: The search base for users is the root location in your directory from where all users are searched.

    The Cloud Extender discovers any user under the hierarchy. Enter the Distinguished Name (DN) of the Organizational Unit (OU) that has users. Related information: Automatic OU lookup from the Corporate Directory (User Authentication)

    User Search Attribute: The name of the LDAP field that identifies the user in your directory. The name varies between the LDAP types and you can use only one attribute.

    LDAP configuration

    The following list includes common user search attributes:
    • Active Directory
      • samAccountName (DOMAIN\username)
      • email (user@company.com)
      • userPrincipalName (user@domain.company.com)
    • OpenLDAP
      • mail (user@company.com)
      • uid (user)
    • Novell eDirectory
      • mail (user@company.com)
      • cn (user)
    • Oracle LDAP
      • loginid (user)
      • mail (user@company.com)
      • uid (user)
    • IBM Domino LDAP
      • cn (user)
      • mail (user@company.com)
      • uid (user)
    LDAP Search Base for Groups (Optional): The search base for groups is the location in your directory that includes all defined user groups.

    This option is similar to the LDAP Search base for Users option. The Cloud Extender uses this attribute to discover all groups from this root location.

  3. The following message is displayed when configuration is successful:
    LDAP Authentication successful message
    If a failure message is displayed, check LDAP connectivity from the Cloud Extender server, and verify the port, credentials, and authentication type:
    LDAP server not reachable message
  4. Test authentication by using a normal user name and password:
    Test Configuration window
  5. Test reachability to determine how deep into the directory your service account can see:
    Success window
  6. Click Save to complete the setup and return to the Cloud Extender Summary page.
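
A pre-flight check for the "Before you begin" step and for the failure case in step 3, as an added example that is not part of the original documentation or of the Cloud Extender: it checks the server value, classifies the bind user name as DN or user@domain, and tests TCP reachability plus a verified TLS handshake. The `host:port` input form, the function names, the use of implicit TLS on the SSL port, and the sample values are assumptions.

```python
import socket
import ssl

def parse_server(value, use_ssl=False):
    """Split 'host' or 'host:port' (assumed form); default to 389 (LDAP) or 636 (LDAPS)."""
    host, sep, port = value.strip().rpartition(":")
    if not sep:                                   # no port given, 'port' holds the host
        return (port, 636 if use_ssl else 389)
    if not host or not port.isdigit() or not 0 < int(port) < 65536:
        raise ValueError(f"bad server value: {value!r}")
    return (host, int(port))

def bind_name_format(name):
    """Classify the service-account name as 'dn', 'user@domain' or 'unknown'."""
    # Simple check: every comma-separated part must look like attr=value.
    if "=" in name and all("=" in rdn for rdn in name.split(",")):
        return "dn"
    user, at, domain = name.partition("@")
    if user and at and "." in domain:
        return "user@domain"
    return "unknown"

def check_server(host, port, use_ssl=False, timeout=5.0):
    """TCP connect, then (if use_ssl) a TLS handshake with certificate checks."""
    result = {"tcp": False, "tls": None, "error": None}
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            result["tcp"] = True
            if use_ssl:
                # Default context verifies the certificate chain and host name.
                ctx = ssl.create_default_context()
                with ctx.wrap_socket(sock, server_hostname=host) as tls:
                    result["tls"] = tls.version()
    except OSError as exc:                        # includes ssl.SSLError
        result["error"] = f"{type(exc).__name__}: {exc}"
    return result

if __name__ == "__main__":
    # Constructed sample values; replace them with your own server and account.
    host, port = parse_server("ldap.example.com:636", use_ssl=True)
    print(bind_name_format("uid=username,c=us,ou=subdomain,dc=company,dc=com"))
    print(check_server(host, port, use_ssl=True))
```

A result with `tcp` true and a certificate error in `error` means the port is reachable but the server certificate is not trusted by this host.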