If you use external LDAP server authentication, the appliance accesses a directory service to authenticate users. This allows users to log in to the appliance Administrator Console, User Console, or System Administration Console using their domain username and password.
For information about adding user accounts to the appliance for local user authentication, see:
The account needs read-only access to the Search Base DN field on the LDAP server. The account does not need write access, because the appliance does not write to the LDAP server.
In addition, the account must have a password that never expires. Because the password never expires, make sure it is very secure. The user can change the password (that complies with the appropriate security requirements), however, the password must be updated on the appliance. You can give the account a username, such as KACE_Login, or you can attempt to connect to the LDAP server using an anonymous bind.
You can configure and test connections from the appliance to an external LDAP server.
◦ |
Log in to the appliance Administrator Console, https://appliance_hostname/admin. Or, if Show organization menu in admin header is enabled in the appliance General Settings, select an organization in the drop-down list in the top-right corner of the page next to the login information. |
◦ |
Log in to the appliance System Administration Console, https://appliance_hostname/system, or select System from the drop-down list in the top-right corner of the page. |
2. |
a. |
b. |
On the Control Panel, in the User Authentication section. click Configure Trust with LDAP (Administrator Console only), or Configure Trust with LDAP (System Administration Console only). |
3. |
4. |
Enable local authentication (the default). If local authentication is enabled, the password is authenticated against the existing entries in the local database at Settings > Users. | |
Enable external user authentication using an LDAP server or Active Directory server. If LDAP Authentication is enabled, the password is authenticated against the external LDAP server. For assistance with authentication, contact Quest Support at https://support.quest.com/contact-support. |
Modify the server definition. For information about the fields in this section, see Table 5. | |
6. |
| |||||||||||||
The LDAP port number, which is usually 389 (LDAP) or 636 (secure LDAP). | |||||||||||||
The criteria used to search for accounts. OU=end_users,DC=company,DC=com.
| |||||||||||||
The search filter. For example: (&(sAMAccountName=KBOX_USERNAME)(memberOf=CN=financial,DC=example,DC=com)) | |||||||||||||
LDAP Login:CN=service_account,CN=Users, If user name and password are not provided, the tree lookup is not performed. Each LDAP Label can connect to a different LDAP or Active Directory server. | |||||||||||||
The password of the account the appliance uses to log in to the LDAP server. | |||||||||||||
|
8. |
a. |
b. |
c. |
In the Advanced Search: box, replace KBOX_USER with the username to test. The syntax is sAMAccountName=username. |
d. |
e. |
There are two ways to import user information:
© 2024 Quest Software Inc. ALL RIGHTS RESERVED. Conditions d’utilisation Confidentialité Cookie Preference Center