Procedure
- Click Next. The LDAP Settings screen appears.
- Complete the following to enable LDAP settings:
- For LDAP server type, select one of the following:
  - Domino
  - Microsoft Active Directory
  - Microsoft AD Global Catalog
  - Open LDAP
  - Sun iPlanet Directory
- To enable one or both LDAP servers, select the check boxes next to Enable LDAP 1 or Enable LDAP 2.
- Specify the names of the LDAP servers and the port numbers they listen on.
- Under LDAP cache expiration for policy services and EUQ services, specify a number that represents the time to live next to the Time to Live in minutes field.
- Under LDAP admin, specify the administrator account, its corresponding password, and the base distinguished name. See the following table for a guide on what to specify for the LDAP admin settings.
LDAP Server Types

| LDAP Server | LDAP Admin Account (examples) | Base Distinguished Name (examples) | Authentication Method |
| --- | --- | --- | --- |
| Active Directory™ | Without Kerberos: user1@domain.com (UPN) or domain\user1; With Kerberos: user1@domain.com | dc=domain, dc=com | Simple; Advanced (with Kerberos) |
| Active Directory Global Catalog | Without Kerberos: user1@domain.com (UPN) or domain\user1; With Kerberos: user1@domain.com | dc=domain, dc=com; dc=domain1,dc=com (if multiple unique domains exist) | Simple; Advanced (with Kerberos) |
| OpenLDAP | cn=manager, dc=test1, dc=com | dc=test1, dc=com | Simple |
| Lotus Domino™ | user1/domain | Not applicable | Simple |
| Sun™ iPlanet Directory | uid=user1, ou=people, dc=domain, dc=com | uid=user1, ou=people, dc=domain, dc=com | Simple |

- For Authentication method, click Simple or Advanced authentication. For Active Directory advanced authentication, configure the Kerberos authentication default realm, Default domain, KDC and admin server, and KDC port number.
- Select the Enable encrypted communication between IMSS and LDAP check box and click Browse to upload a CA certificate file to verify the certificate used by the LDAP server.
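
A pre-flight check of the values entered on this screen against the LDAP Server Types table, as an added example that is not part of the product or its documentation. The function name `lint_ldap_settings`, the regular expressions, and the finding texts are assumptions made for illustration, and the DN pattern is deliberately simplified.

```python
import re

# Simplified shapes of the example values in the LDAP Server Types table.
# Assumption: illustrative patterns only, no RFC 4514 escaping support.
UPN = re.compile(r"^[^@\\/\s=,]+@[^@\\/\s=,]+\.[^@\\/\s=,]+$")       # user1@domain.com
DOWNLEVEL = re.compile(r"^[^@\\/\s=,]+\\[^@\\/\s=,]+$")              # domain\user1
DOMINO = re.compile(r"^[^@\\/=,]+/[^@\\/=,]+$")                      # user1/domain
DN = re.compile(r"^\s*[A-Za-z]+=[^=,]+(\s*,\s*[A-Za-z]+=[^=,]+)*$")  # dc=domain, dc=com

AD_TYPES = {"Microsoft Active Directory", "Microsoft AD Global Catalog"}
DN_TYPES = {"Open LDAP", "Sun iPlanet Directory"}


def lint_ldap_settings(server_type, admin, base_dn, auth, encrypted):
    """Return a list of findings for one LDAP server entry (empty list = clean)."""
    findings = []
    if server_type in AD_TYPES:
        if auth == "Advanced" and not UPN.match(admin):
            findings.append("table lists only the UPN form for Advanced (Kerberos)")
        elif auth == "Simple" and not (UPN.match(admin) or DOWNLEVEL.match(admin)):
            findings.append("AD admin account should be a UPN or domain\\user")
    elif server_type in DN_TYPES:
        if not DN.match(admin):
            findings.append("admin account should be a distinguished name")
    elif server_type == "Domino":
        if not DOMINO.match(admin):
            findings.append("Domino admin account should look like user/domain")
    else:
        findings.append("unknown LDAP server type")
    if auth == "Advanced" and server_type not in AD_TYPES:
        findings.append("Advanced authentication is listed only for Active Directory")
    if server_type != "Domino" and not DN.match(base_dn or ""):
        findings.append("base distinguished name does not parse as a DN")
    if auth == "Simple" and not encrypted:
        # A simple bind sends the admin password unprotected unless the
        # connection itself is encrypted.
        findings.append("Simple authentication without encrypted communication "
                        "exposes the admin password on the network")
    return findings
```

An empty list means the entry matches the table and the password is protected in transit.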