To complete the creation of this V-Realm, you must define at least one authentication stage within it. In this instance we will create an LDAPS stage. To configure the basic settings for an LDAPS authentication stage, which include connection and authentication information, follow the steps below.
- After creating and naming a new V-Realm, select LDAP from the Stage Type drop-down list box located under Create New Authentication Stage.
- Click Submit.
The Authentication Stage properties page opens. The basic settings that are required for configuring NetConnect to authenticate users against an external LDAP server can be seen below.
- Specify the following settings and click Submit. Note: only the mandatory fields are covered here; the Configuration Manual explores additional options in further detail.
|Domain||Enter the domain to which the Active Directory is joined.|
|Username Template||The Username Template field is used to prefix or postfix a string to the username. This removes the need for end-users to include this information when logging in. Typically this will be %USERNAME%.|
|Host||Enter the DNS name of the LDAP server.|
|Bind DN||The Bind DN is a string that identifies the AD account you wish to use to bind to NetConnect. We recommend creating an account specifically for the purpose of binding to NetConnect. To locate the Bind DN string:
* Log in to your AD server.
* Open the Active Directory console.
* Ensure that Advanced Features is enabled under the View menu.
* Navigate to the user you wish to use to bind to NetConnect, right-click and select Properties.
* Go to the Attribute Editor tab, scroll down to the Distinguished Name attribute, double-click it and copy the value.|
|Bind Password||Enter the password of your selected Bind user.|
|Base DN||Specify the point in the directory hierarchy where a search begins. Enter the base DN (or base Object) from which you want to search.|
|Login Attribute||Enter the name of the login attribute that contains the user’s login name. For example, for Sun Java System Directory Server it’s uid. For Active Directory, it’s sAMAccountName.|
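The following added example (not NetConnect code, and not taken from the Configuration Manual) shows how the settings in the table fit together, assuming the common search-then-bind pattern: the Username Template is expanded, the result is escaped per RFC 4515, and the Login Attribute and Base DN define the search. The host, DNs and usernames are constructed sample values, and the function names are hypothetical.

```python
# Added illustration: how the stage's settings typically combine in a
# search-then-bind LDAP lookup. Not NetConnect code; all values are constructed.
import re

# Constructed sample settings mirroring the table's fields.
SETTINGS = {
    "username_template": "%USERNAME%",
    "host": "dc01.example.test",
    "bind_dn": "CN=svc-netconnect,OU=Service Accounts,DC=example,DC=test",
    "base_dn": "DC=example,DC=test",
    "login_attribute": "sAMAccountName",
}

# Characters that must be escaped inside a filter assertion value (RFC 4515).
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}
_ATTR_NAME = re.compile(r"^[A-Za-z][A-Za-z0-9-]*$")
_DN_PART = re.compile(r"^[A-Za-z][A-Za-z0-9-]*=.+$")


def escape_filter_value(value):
    """Escape a filter value so whatever the user typed stays a literal."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def looks_like_dn(dn):
    """Cheap sanity check: every unescaped-comma-separated part is attr=value."""
    parts = re.split(r"(?<!\\),", dn)
    return bool(dn) and all(_DN_PART.match(p.strip()) for p in parts)


def build_lookup(settings, typed_username):
    """Return (ldaps_url, base_dn, search_filter) for one login attempt."""
    if not _ATTR_NAME.match(settings["login_attribute"]):
        raise ValueError("login attribute is not a valid attribute name")
    for key in ("bind_dn", "base_dn"):
        if not looks_like_dn(settings[key]):
            raise ValueError(f"{key} is not a distinguished name")
    expanded = settings["username_template"].replace("%USERNAME%", typed_username)
    search_filter = f"({settings['login_attribute']}={escape_filter_value(expanded)})"
    # 636 is the standard LDAPS port.
    return f"ldaps://{settings['host']}:636", settings["base_dn"], search_filter


if __name__ == "__main__":
    print(build_lookup(SETTINGS, "jsmith"))
    # Filter metacharacters in the typed name are neutralised, not interpreted.
    print(build_lookup(SETTINGS, "*)(objectClass=*"))
```

A Bind DN pasted as a bare account name rather than the full Distinguished Name copied from the Attribute Editor fails the `looks_like_dn` check.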