Administrator Guide

Preparing for Active Directory Authentication | Dell Networking W-ClearPass Deployment Guide
Parameter | Action/Description
- For a single domain Active Directory Domain Service, the Bind DN entry must be located in the same branch as the Base DN and below it.
- For a multi-domain Active Directory Domain Service (AD DS) forest, you leave the Base DN text box empty, so the restrictions that apply for a single domain do not apply.
W-ClearPass fills in the domain portion of the Bind DN.
6. Specify the username.
W-ClearPass also populates the Base DN and the NetBIOS Domain Name fields.
For related information, see About the Bind Operation.
Bind Password
This is the text box for the Active Directory password for the account that can search for users.
7. Enter the Bind Password.
NOTE: The Bind password is the same password used in association with the Bind DN user account.
NetBIOS Domain Name
This field is automatically populated.
Base DN
- For a single domain Active Directory Domain Service, this is the text box for the Distinguished Name (DN) of the starting point for directory server searches. For example:
    DC=mycompany,DC=com
  Active Directory starts from this DN to create master lists from which you can later filter out individual users and groups.
  NOTE: The Base DN value that is automatically populated in this instance is not the best practice Base DN value.
  Dell recommends that you narrow down the Base DN as far as possible to reduce the load on the Active Directory/LDAP server. For example, if all your users are in the AD Users and Computer Users folder, then set the Base DN to search in the Users folder.
  8. To browse the LDAP directory hierarchy, click Search Base DN.
  9. The LDAP Browser opens.
  10. Navigate to the DN you want to use as the Base DN.
  11. Click on the appropriate node in the tree structure to select it as a Base DN.
- For a multi-domain Active Directory Domain Service (AD DS) forest, the appropriate action is to leave the Base DN text box blank.
NOTE: This is also one way to test the connectivity to your Active Directory directory. If the values entered for the primary server attributes are correct, you should be able to browse the directory hierarchy by clicking Search Base DN.
Search Scope
Search scope is related to the Base DN. The search scope defines how Active Directory will search for your objects.
12. Specify the search scope you wish to apply.
- Subtree Search: Searches every object and sub-object in the LDAP directory.
- One-Level Search: Looks directly under the Base DN.
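
The following Python sketch is an added example, not part of the Dell guide or of W-ClearPass. It checks the single-domain rule that the Bind DN must sit below the Base DN, and shows how narrowing the Base DN and choosing a search scope change the set of entries a search touches. The directory entries, the svc-clearpass account and the function names are constructed for illustration.

```python
import re

# Constructed sample directory (not from the guide); note the escaped comma.
DIRECTORY = [
    "DC=mycompany,DC=com",
    "CN=Users,DC=mycompany,DC=com",
    "CN=svc-clearpass,CN=Users,DC=mycompany,DC=com",
    "CN=Smith\\, Bob,CN=Users,DC=mycompany,DC=com",
    "OU=Servers,DC=mycompany,DC=com",
    "CN=FS01,OU=Servers,DC=mycompany,DC=com",
]

def parse_dn(dn):
    """Split a DN into lower-cased (attr, value) RDNs, leaf first.
    Simplification: handles backslash-escaped commas only, not the
    full RFC 4514 escaping rules or multi-valued RDNs."""
    if not dn.strip():
        return []          # empty Base DN (multi-domain forest case)
    rdns = []
    for part in re.split(r"(?<!\\),", dn):
        attr, _, value = part.partition("=")
        rdns.append((attr.strip().lower(), value.strip().lower()))
    return rdns

def is_below(dn, base_dn):
    """True if dn is in the same branch as base_dn and strictly below it."""
    d, b = parse_dn(dn), parse_dn(base_dn)
    return len(d) > len(b) and (not b or d[-len(b):] == b)

def in_scope(dn, base_dn, scope):
    """scope is 'subtree' or 'onelevel' (hypothetical labels for this example)."""
    d, b = parse_dn(dn), parse_dn(base_dn)
    if d == b:
        return scope == "subtree"      # the base object itself
    if not is_below(dn, base_dn):
        return False
    return scope == "subtree" or len(d) == len(b) + 1

def search(base_dn, scope):
    """Return the sample entries a search would have to visit."""
    return [dn for dn in DIRECTORY if in_scope(dn, base_dn, scope)]

if __name__ == "__main__":
    bind = "CN=svc-clearpass,CN=Users,DC=mycompany,DC=com"
    for base in ("DC=mycompany,DC=com", "CN=Users,DC=mycompany,DC=com",
                 "OU=Servers,DC=mycompany,DC=com"):
        print(base, "| bind DN below base:", is_below(bind, base),
              "| subtree:", len(search(base, "subtree")),
              "| one-level:", len(search(base, "onelevel")))
```

With the Base DN narrowed to an OU that does not contain the bind account, the check fails, which is the case to catch before saving a narrowed Base DN for a single domain.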