How To
Summary
The purpose of this article is to help the administrator to find the User Base and Group Base DN information required to configure LDAP authentication in QRadar®. These steps can be run from any member server on the Windows® domain with the Remote Server Administration Tools (RSAT) installed on its local machine.
Environment
These steps required the dsquery utility to be enabled. This utility can be enabled by using the steps provided by Windows® in Remote Server Administration Tools (RSAT)
Steps
To gather the User Base DN
- Open a Windows® command prompt.
- Type the command:
dsquery user -name <known username>
The result looks like:CN=John.Smith,CN=Users,DC=test,DC=internal
- - In QRadar® LDAP module settings, when asked for a User Base DN, enter:
CN=Users,DC=test,DC=internal
This configuration allows the users to connect within the Users Common Name (CN) only. Ideally, this configuration must have the domain portion only (DC=test,DC=internal) and restrict which users can connect by using Group Base DN
To gather the Group Base DN
- Open a Windows® command prompt.
- Type the command:
dsquery group -name <known group name>
- The result looks like:
CN=Users,CN=Builtin,DC=test,DC=internal
- In QRadar® LDAP module settings, when asked for a User Base DN, enter:
CN=Users,CN=Builtin,DC=test,DC=internal

Document Location
Worldwide
[{"Line of Business":{"code":"LOB24","label":"Security Software"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSBQAC","label":"IBM Security QRadar SIEM"},"ARM Category":[{"code":"a8m0z000000cwsyAAA","label":"Admin Tasks"}],"ARM Case Number":"","Platform":[{"code":"PF016","label":"Linux"}],"Version":"All Version(s)"}]
Was this topic helpful?
Document Information
Modified date:
18 November 2020
UID
ibm16367965