Administrator Guide

ManualsBrandsDell ManualsAccess PlatformsW-ClearPass Virtual Appliances

181

182

183

184

185

186

187

188

189

190

182 | Preparing W-ClearPass for LDAP and SQLAuthenticationSources Dell Networking W-ClearPass Deployment Guide

Parameter Action/Description

For a multi-domain LDAP Domain Service forest, the default ports for the global

catalog are:

l Default port without SSL: 3268

l Default port with SSL: 3269

Verify Server Certificate 4. Enable this option to verify the Server Certificate for a secure connection.

Bind DN

5. Enter the Distinguished Name of the node in your directory tree from which to

start searching for records.

The Bind DN text box specifies the full distinguished name (DN), including common

name (CN), of an LDAP user account that has privileges to search for users (usually

the Administrator account). For example:

CN=Administrator,CN=Users,DC=mycompany,DC=com

NOTE: You may need to get the Bind DN from the LDAP administrator.

This user account must have at least domain user privileges.

The Bind DN user, such as Administrator, is the username associated with the Bind

DN user account.

l For a single domain LDAP Domain Service, the Bind DN entry must be located in

the same branch and below the Base DN.

l For a multi-domain LDAP Domain Service forest, because you leave the Base DN

text box empty, the restrictions that apply for a single domain do not apply for a

multi-domain forest.

W-ClearPass fills in the domain portion of the Bind DN.

6. Specify the username.

W-ClearPass also populates the Base DN, and the NetBIOS Domain Name fields.

For related information, see LDAP Authentication Source Configuration.

Bind Password

This is the text box for the Active Directory password for the account that can search

for users.

7. Enter the Bind password.

NOTE: The Bind password is the same password used in association with the Bind DN

user account.

Base DN

l For a single domain Active Directory Domain Service, this is the text box for the

Distinguished Name (DN) of the starting point for directory server searches. For

example:

DC=mycompany,DC=com

The LDAP server starts from this DN to create master lists from which you can later

filter out individual users and groups.

NOTE: The Base DN value that is automatically populated in this instance is not the

best practice Base DN value.