Administrator Guide

The following table describes the Generic LDAP or Active Directory - Primary parameters:

Parameter: Description

Hostname: Specify the hostname or the IP address of the LDAP or Active Directory server.

Connection Security:
• Select None for the default non-secure connection (usually port 389).
• Select StartTLS for a secure connection that is negotiated over the standard LDAP port. This is the preferred way to connect to an LDAP directory securely.
• Select LDAP over SSL or AD over SSL to choose the legacy way of securely connecting to an LDAP directory. Port 636 must be used for this type of connection.

Port: Specifies the TCP port on which the LDAP or Active Directory server is listening for connections. The default TCP port for LDAP connections is 389 and the default port for LDAP over SSL is 636.

Verify Server Certificate: Select this checkbox to verify the server certificate as part of authentication.

Bind DN: Specify the DN of the administrator account. Policy Manager uses this account to access all other records in the directory.
NOTE: For Active Directory, the bind DN can also be in the administrator@domain format (for example, administrator@acme.com).

Bind Password: Specify the password for the administrator DN entered in the Bind DN field.

NetBIOS Domain Name: Specify the Active Directory domain name for this server. Policy Manager prepends this name to the user ID to authenticate users found in this Active Directory.
NOTE: This setting is available only for Active Directory.

Base DN: Enter the DN of the node in your directory tree from which to start searching for records. After entering the values for the fields described above, click Search Base DN to browse the directory hierarchy. The LDAP browser opens. You can navigate to the DN that you want to use as the base DN.
Click any node in the displayed tree structure to select it as the base DN. Note that the base DN is displayed at the top of the LDAP browser.
NOTE: This is also a method to test the connectivity to your LDAP or AD directory. If the values entered for the primary server attributes are correct, you can browse the directory hierarchy by clicking Search Base DN.

Search Scope: Select the scope of the search you want to perform, starting at the base DN.
• Base Object Search allows you to search at the level specified by the base DN.
• One Level Search allows you to search one level below the base DN, that is, the immediate children of the base DN.
• Subtree Search allows you to search the entire subtree under the base DN (including at the base DN level).

LDAP Referral: Enable this check box to automatically follow referrals returned by your directory server in search results. Refer to your directory documentation for more information on referrals.
Table 77: Generic LDAP or Active Directory - Primary Tab Parameters
Dell Networking W-ClearPass Policy Manager 6.5 | User Guide Authentication and Authorization | 173