Administrator Guide

Advanced LDAP URL Syntax
If you select Microsoft Active Directory as the Server Type on the Administration > Operator Logins >
Servers > Server Configuration form, the LDAP server connection will use a default distinguished name of
the form dc=domain,dc=com, where the domain name components are taken from the bind username.
To specify a different organizational unit within the directory, include a distinguished name in the LDAP server
URL, using a format such as:
ldap://192.0.2.1/ou=IT%20Services,ou=Departments,dc=server,dc=com
To specify a secure connection over SSL/TLS, use the prefix ldaps://.
To specify the use of LDAP v3, use the prefix ldap3://, or ldap3s:// if you are using LDAP v3 over SSL/TLS.
When Microsoft Active Directory is selected as the Server Type, LDAP v3 is automatically used.
An LDAP v3 URL has the format ldap://host:port/dn?attributes?scope?filter?extensions.
• dn is the base X.500 distinguished name to use for the search.
• attributes is often left empty.
• scope may be ‘base’, ‘one’ or ‘sub’.
• filter is an LDAP filter string, for example, (objectclass=*)
• extensions is an optional list of name=value pairs.
Refer to RFC 2255 for further details.
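The following sketch is an added example, not taken from the product or its documentation. It splits a URL of the form described above into its fields, accepting the four prefixes listed in this section. The function name parse_ldap_url and the keys of the returned dictionary are assumptions made for this example; the defaults applied when scope or filter is omitted follow RFC 2255.

```python
from urllib.parse import urlsplit, unquote

# Prefixes named in this section, mapped to whether they select SSL/TLS.
SCHEMES = {"ldap": False, "ldaps": True, "ldap3": False, "ldap3s": True}
SCOPES = {"base", "one", "sub"}


def parse_ldap_url(url):
    """Split scheme://host:port/dn?attributes?scope?filter?extensions into fields."""
    # allow_fragments=False keeps a '#' inside a filter from being cut off.
    parts = urlsplit(url, allow_fragments=False)
    scheme = parts.scheme.lower()
    if scheme not in SCHEMES:
        raise ValueError(f"unsupported scheme: {parts.scheme!r}")
    if not parts.hostname:
        raise ValueError("missing host")
    # urlsplit puts everything after the first '?' in .query; the LDAP URL
    # format separates its remaining fields with further '?' characters.
    fields = parts.query.split("?") if parts.query else []
    if len(fields) > 4:
        raise ValueError("too many '?'-separated fields")
    fields += [""] * (4 - len(fields))
    attributes, scope, ldap_filter, extensions = fields
    scope = scope.lower() or "base"  # RFC 2255: an omitted scope means base
    if scope not in SCOPES:
        raise ValueError(f"invalid scope: {scope!r}")
    ext = {}
    for item in filter(None, extensions.split(",")):
        name, _, value = item.partition("=")
        ext[unquote(name)] = unquote(value)
    return {
        "tls": SCHEMES[scheme],
        "host": parts.hostname,
        "port": parts.port,  # None when the URL does not give one
        "dn": unquote(parts.path.lstrip("/")),  # %20 in the DN becomes a space
        "attributes": [unquote(a) for a in attributes.split(",") if a],
        "scope": scope,
        # RFC 2255: an omitted filter means "match any object class"
        "filter": unquote(ldap_filter) or "(objectclass=*)",
        "extensions": ext,
    }
```

When reviewing a set of configured server URLs, the tls field identifies entries that do not use the ldaps:// or ldap3s:// prefix.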
LDAP Operator Server Troubleshooting
At Administration >Operator Logins >Servers, you can use the LDAP Operator Servers list to
troubleshoot network connectivity, operator authentication, and to look up operator usernames.
Testing Connectivity
To test network connectivity between an LDAP server and the W-ClearPass Guest server, click the Ping link
in the server’s row. The results of the test appear below the server entry in the LDAP server table.
Testing Operator Login Authentication
1. To test authentication of operator login values, select a server name in the LDAP Server table, then click the
Test Auth link. The Test Operator Login form is added to the page.
Dell Networking W-ClearPass Guest 6.5.0 | User Guide Operator Logins | 559