Administrator Guide

Parameter Action/Description
Dell recommends that you narrow down the Base DN as far as possible to reduce
the load on the Active Directory LDAP server. For example, if all your users are in the
Users folder shown in Active Directory Users and Computers, set the Base DN to
search in the Users folder.
8. To browse the LDAP directory hierarchy, click Search Base DN.
The LDAP Browser opens.
9. Navigate to the DN you want to use as the Base DN.
10. Click on the appropriate node in the tree structure to select it as a Base DN.
• For a multi-domain Active Directory Domain Service (AD DS) forest, the
appropriate action is to leave the Base DN text box blank.
NOTE: This is also one way to test the connectivity to your LDAP directory. If the
values entered for the primary server attributes are correct, you should be able to
browse the directory hierarchy by clicking Search Base DN.
Search Scope
Search scope is related to the Base DN. The search scope defines how LDAP will
search for your objects.
11. Select the Search Scope.
• Subtree Search: Searches every object and sub-object in the LDAP directory.
• One-Level Search: Looks directly under the Base DN.
• Base Object: Searches any object under the Base DN.
LDAP Referrals
Dell does not recommend enabling the "Follow Referrals" check box.
This function directs the LDAP server to find a specific user in its tree, but it’s
possible for the user to be included on another LDAP server, which can cause a
search loop.
Bind User
12. Enable this option to allow a bind operation using the user password.
For clients to be authenticated by using the LDAP bind method, Policy Manager must
receive the password in clear text.
Password Attribute
13. Enter the name of the attribute in the user record from which the user password
can be retrieved.
Password Type
14. Specify the password type: Cleartext, NT Hash, LM Hash, SHA1, SHA256, MD5.
Password Header
Oracle's LDAP implementation prepends a header to a hashed password string.
15. If you are using Oracle LDAP, enter the header in this field so the hashed password
can be correctly identified and read.
User Certificate
16. Leave the value that is automatically populated in this field as the default unless
your LDAP administrator has a different attribute for storing the user certificate.
17. When satisfied with these settings, click Next.
The Summary page is displayed, which shows all the settings you have entered
for the LDAP authentication source.
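How the Password Type and Password Header settings interact, as an added example (not Dell or ClearPass code): a header left on the stored value prevents it from being decoded and compared as a hash. The `{SHA}` header, the base64 encoding, the function names and the sample password are assumptions constructed for illustration.

```python
import base64
import hashlib
import hmac

# Password types from the list above that hashlib computes directly.
# NT Hash and LM Hash are left out of this example.
DIGESTS = {"SHA1": hashlib.sha1, "SHA256": hashlib.sha256, "MD5": hashlib.md5}


def strip_header(stored: str, header: str) -> str:
    """Remove the configured header; reject values that do not carry it."""
    if header and not stored.startswith(header):
        raise ValueError("stored value does not start with the configured header")
    return stored[len(header):]


def verify(candidate: str, stored: str, password_type: str, header: str = "") -> bool:
    """Compare a candidate password with the value read from the password attribute."""
    body = strip_header(stored, header)
    if password_type == "Cleartext":
        return hmac.compare_digest(candidate.encode(), body.encode())
    digest = DIGESTS[password_type](candidate.encode()).digest()
    try:
        # Assumption: the digest is stored base64-encoded after the header.
        stored_digest = base64.b64decode(body, validate=True)
    except ValueError:
        return False  # header still attached or not base64: unreadable as a hash
    return hmac.compare_digest(digest, stored_digest)


# Constructed sample value: header "{SHA}" followed by base64(SHA-1("Winter2024!")).
SAMPLE_HEADER = "{SHA}"
SAMPLE_STORED = SAMPLE_HEADER + base64.b64encode(
    hashlib.sha1(b"Winter2024!").digest()
).decode()

if __name__ == "__main__":
    # Header configured: the stored hash is read correctly and matches.
    print(verify("Winter2024!", SAMPLE_STORED, "SHA1", header=SAMPLE_HEADER))
    # Header field left empty: the same correct password is rejected.
    print(verify("Winter2024!", SAMPLE_STORED, "SHA1"))
```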
Dell Networking W-ClearPass Deployment Guide | Preparing W-ClearPass for LDAP and SQL Authentication Sources | 183