Table of Contents
Advertisement
○
If the test login was successful and you're satisfied with the
Group Memberships information, the enterprise directory server is configured
any
properly.
10. Click [Apply Configuration] to accept the configuration changes.
Click [Restore Configuration] to undo any changes not yet applied.
2.18 Manual configuration
Use this information to connect to an enterprise directory server other than MSAD, Novell
eDirectory, or any other system that has a custom configuration. The following LDAP definitions
are for configuration properties that may need to be manually selected.
Field
Format
DN
Login Attribute
First Name Attribute
Last Name Attribute
Group Attribute
NOTE:
Regarding LDAP parameter configurations, EA3 finds the first instance of the
configured attribute for a user, except for
First Name Attribute to be an attribute listed multiple times, EA3 assumes the first one
found during an LDAP query is the correct
finds all instances of that attribute.
Save changes
•
No changes are saved to EA3 on a tab unless you click [Apply Configuration] before you
navigate to another tab, or click [Confirmation]. If there is more than one [Apply
Chapter 19 Access Controls
domain or dn .
Set to
domain is the MSAD way of doing LDAP authentication (<userId>@<realm name>).
•
•
dn is the eDirectory way of doing LDAP authentication; most other directory servers use (log-
inAttribute=<userId>,<ldap base dn>). If you are connecting to a non-MSAD directo‐
ry server, you will more than likely use
•
The LDAP base DN of the LDAP server to which you are connecting.
•
Typically this is the fully qualified domain name separated by clusters of DC=.
•
For example, if the fully qualified domain name of the directory server is example.com, it is
likely that the DN is DC=example,DC=com.
•
The LDAP attribute to be used for the unique user identifier; the username to login.
•
Set to the unique identifier your server uses.
○
sAMAccountName
On MSAD it is:
○
On eDirectory, it is typically:
The LDAP attribute used for the user's first name.
The LDAP attribute used for the user's last name.
•
The LDAP attribute used to find group memberships for the user.
•
memberOf .
On MSAD, it is
NOTE:
EA3 finds all instances of this attribute (not just the first, like it does for other attrib‐
utes). If a user belongs to more than one group, EA3 finds all memberships.
Revolution CT User Manual
Direction 5480385-1EN, Revision 1
First Name , Last Name , or
Description
dn .
cn
Group Membership . If you configure the
First Name . For Group Membership , EA3
611
Advertisement
Table of Contents
Troubleshooting
