1.
a. Log in to the appliance Administrator Console, https://appliance_hostname/admin. Or, if the Show organization menu in admin header option is enabled in the appliance General Settings, select an organization in the drop-down list in the top-right corner of the page next to the login information.
b.
c.
NOTE: Use the LDAP Browser to specify the Search Base DN and Search Filter. See Use the LDAP Browser.
Specify the LDAP attributes to retrieve. For example:
Enter a label attribute. For example: memberof.
Enter the label prefix. The label prefix is a string that is added to the beginning of all the labels. For example: ldap_
Enter the binary attributes. For example: objectsid. This setting indicates which attributes should be treated as binary for purposes of storage.
4.
5. In the drop-down list next to each attribute, select the value to use for appliance User attributes during import. Values in the drop-down list are the values specified in the Attributes to retrieve field on the previous page.
The identifier for the user. Recommended value: objectguid.
Not used. Recommended value: No Value.
6. Optional: In the Role drop-down list, select the role for the imported users. See Add or edit User Roles.
7. Optional: In the Labels drop-down list, select the label to apply to imported users. See About labels.
8. In the Search Results section below the attribute mapping drop-down lists, verify that the list of users to import is correct, and the information listed for each user is what you expect. To refine your search, click the Back button and revise the search parameters and attributes.
9.
10.
11.
The Users page appears, and the imported users appear on the list. The imported users can access the features of the Administrator Console and User Console based on the role to which they are assigned.
To keep user data current, schedule regular user data imports from your LDAP server.
1.
a. Log in to the appliance Administrator Console, https://appliance_hostname/admin. Or, if the Show organization menu in admin header option is enabled in the appliance General Settings, select an organization in the drop-down list in the top-right corner of the page next to the login information.
b.
c. On the Control Panel, in the User Authentication section, click Configure Trust with LDAP (Administrator Console only), or Configure Trust with LDAP (System Administration Console only).
2. Select LDAP Authentication, then click the Schedule button next to the server name in the list of servers to schedule a user import:
The following Read Only Administrator Server Details are displayed:
The LDAP port number, which is usually 389 (LDAP) or 636 (secure LDAP).
The criteria used to search for accounts. For example: OU=end_users,DC=company,DC=com.
The search filter. For example: (&(sAMAccountName=KBOX_USERNAME)(memberOf=CN=financial,DC=example,DC=com))
The password of the account the appliance uses to log in to the LDAP server.
Specify the LDAP attributes to retrieve. For example:
Enter a label attribute. For example: memberof.
Enter the label prefix. The label prefix is a string that is added to the beginning of all the labels. For example: ldap_
Enter the binary attributes. For example: objectsid. This setting indicates which attributes should be treated as binary for purposes of storage.
4.
5.
6.
Run daily at a specified time, or run on a designated day of the week at a specified time.
Run on the nth of every month/specific month at HH:MM: Run on the nth day (for example, the first or the second day) of every month, or of a specific month, at the specified time.
Run on the nth weekday of every month/specific month at HH:MM: Run on the specific weekday of every month, or a specific month, at the specified time.
Run according to a custom schedule. Use standard 5-field cron format (extended cron format is not supported). Use the following when specifying values:
Click to view the task schedule. The Task Schedule dialog box displays a list of scheduled tasks. Click a task to review the task details. For more information, see View task schedules.
7. Click Next to display the User Import: Schedule - Define mapping between User attributes and LDAP Attributes page.
8. In the drop-down list next to each attribute, select the value to use for appliance User attributes during import. Values in the drop-down list are the values specified in the Attributes to retrieve field on the previous page.
The identifier for the user. Recommended value: objectguid.
Not used. Recommended value: No Value.
9. Optional: In the Role drop-down list, select the role for the imported users. See Add or edit User Roles.
10. If you want the selected role to be a default role for new roles, select the Make default check box.
11. Optional: In the Labels drop-down list, select the label to apply to imported users. See About labels.
12. In the Search Results section below the attribute mapping drop-down lists, verify that the list of users to import is correct, and the information listed for each user is what you expect. To refine your search, click the Back button and revise the search parameters and attributes.
13.
14.
◦ Click Back to change settings.
◦ Click Import to save the schedule and import user information immediately. The import begins, and the schedule is set to run according to the options selected in the Scheduling section.
◦ Click Finish to save the schedule without importing user information. The schedule is set to run according to the options selected in the Scheduling section.
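The Binary attributes field (objectsid) and the recommended objectguid identifier in both procedures above refer to values that Active Directory returns as raw bytes. The following added example, which is not code from the appliance or its vendor, decodes both into their usual string forms and shows why text handling damages them. The sample byte strings are constructed, the function names are hypothetical, and modelling text storage as UTF-8 is an assumption.

```python
import struct
import uuid


def decode_object_sid(raw: bytes) -> str:
    """Render a binary objectSid as the familiar S-1-5-21-... string."""
    if len(raw) < 8:
        raise ValueError("SID too short")
    revision, sub_count = raw[0], raw[1]
    if len(raw) != 8 + 4 * sub_count:
        raise ValueError("SID length does not match sub-authority count")
    # Identifier authority: 6 bytes, big-endian.
    authority = int.from_bytes(raw[2:8], "big")
    # Sub-authorities: 32-bit unsigned integers, little-endian.
    subs = struct.unpack("<%dI" % sub_count, raw[8:])
    return "-".join(["S", str(revision), str(authority), *map(str, subs)])


def decode_object_guid(raw: bytes) -> str:
    """Render a binary objectGUID in its canonical string form."""
    if len(raw) != 16:
        raise ValueError("objectGUID must be exactly 16 bytes")
    # The first three GUID fields are stored little-endian.
    return str(uuid.UUID(bytes_le=raw))


def survives_as_text(raw: bytes) -> bool:
    """True if the value is unchanged after being handled as UTF-8 text.

    Assumption: non-binary attributes are stored as UTF-8 strings.
    """
    return raw.decode("utf-8", errors="replace").encode("utf-8") == raw


# Constructed sample values (not taken from a real directory).
SAMPLE_SID = bytes.fromhex(
    "0105000000000005" "15000000" "01000000" "02000000" "03000000" "e8030000"
)
SAMPLE_GUID = bytes.fromhex("00112233445566778899aabbccddeeff")

if __name__ == "__main__":
    print(decode_object_sid(SAMPLE_SID))
    print(decode_object_guid(SAMPLE_GUID))
    print("SID intact as text:", survives_as_text(SAMPLE_SID))
```
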
Single sign on enables users who are logged on to the domain, or authenticated through a third-party, to access the appliance Administrator Console and User Console without having to re-enter their credentials on the appliance login page.
You can use Active Directory for single sign on.
Single sign on is available for:
• One domain only: If you have multiple domains, only one can be enabled for single sign on. This is true even if the Organization component is enabled on the appliance, and you have multiple organizations that are on different domains. Single sign on is a System-level configuration, and organizations cannot be configured independently for single sign on.
• Microsoft Active Directory servers: You can enable single sign on using Microsoft Active Directory servers with 2003 R2 or higher schema versions. Earlier schema versions cannot be used. If the Organization component is enabled on your appliance, the Active Directory single sign on method can be used with multiple organizations.