Configuring a directory server
You can configure the SafeLinx Server to retrieve user profile information from an external LDAP server. The directory server that you configure also provides information about how to contact other directory server services. After you configure a directory server, you can assign it to an LDAP-bind authentication profile to authenticate clients when they log in.
About this task
Procedure
- Right-click the OU where you want to create the directory server, and then click .
- Type the IP address or host name, and the port number of the remote directory service server.
- Using standard X.500 notation, type the base distinguished name of the root node or suffix of the primary organizational unit for this SafeLinx Server. This field is case-sensitive. The base DN specifies where in the directory structure to begin searches during client authentication.
- Specify the distinguished name of an administrator on the remote directory service and the password for the account.
  Verify the correct syntax for the administrator DN with the administrator of the LDAP server. If you specify the DN incorrectly, the SafeLinx Server cannot connect to the directory server.
  If the server allows anonymous lookups, you do not have to provide the administrator credentials, unless you want SafeLinx to be able to modify information in the directory.
- You can use TLS to secure the connection to the directory server.
  To finish creating the secured connection, obtain the certificate for the directory server and use the GSKit to manage the key database and stash password files. For more information, see Securing communications with an LDAP server.
Note: SafeLinx uses OpenLDAP to connect to the LDAP server. LDAP server connectivity debug logs (OpenLDAP logs) can be enabled or disabled by editing the directory server under the Directory services server definition. Each HTTP service that uses an LDAP server for authentication creates a separate LDAP server debug log file suffixed with the thread ID. HTTP services run on different threads, and the ID associated with each thread is used in the LDAP server debug log file name.
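An offline pre-check for the base DN and administrator DN steps above, added here as an example (it is not SafeLinx or HCL code): it parses comma-separated DNs, rejects malformed ones, and reports whether an entry DN sits under the base DN where searches begin. The function names and sample DNs are constructed for illustration, and flagging a case-only difference follows the page's statement that the base DN field is case-sensitive.

```python
import re

# Attribute type: short name (cn, ou, o) or dotted numeric OID, as in RFC 4514.
_ATTR = re.compile(r"^(?:[A-Za-z][A-Za-z0-9-]*|\d+(?:\.\d+)*)$")

def _split(text, sep):
    """Split on sep, ignoring separators escaped with a backslash."""
    parts, cur, i = [], "", 0
    while i < len(text):
        if text[i] == "\\" and i + 1 < len(text):
            cur += text[i:i + 2]   # keep the escape pair intact
            i += 2
        elif text[i] == sep:
            parts.append(cur)
            cur = ""
            i += 1
        else:
            cur += text[i]
            i += 1
    parts.append(cur)
    return parts

def parse_dn(dn):
    """Return a list of RDNs (sorted (type, value) pairs); raise ValueError if malformed.
    Quoted and #hex-encoded values are not handled in this example."""
    rdns = []
    for rdn in _split(dn, ","):
        pairs = []
        for ava in _split(rdn, "+"):   # multi-valued RDN, e.g. cn=a+uid=b
            attr, eq, value = ava.strip().partition("=")
            if not eq or not _ATTR.match(attr.strip()) or not value.strip():
                raise ValueError(f"malformed RDN component: {ava!r}")
            pairs.append((attr.strip(), value.strip()))
        rdns.append(sorted(pairs))
    return rdns

def check_under_base(entry_dn, base_dn):
    """Classify entry_dn against base_dn: 'ok', 'case-mismatch' or 'outside-base'."""
    entry, base = parse_dn(entry_dn), parse_dn(base_dn)
    if len(entry) < len(base):
        return "outside-base"
    tail = entry[len(entry) - len(base):]   # rightmost RDNs must equal the base DN
    if tail == base:
        return "ok"
    fold = lambda rdns: [sorted((a.lower(), v.lower()) for a, v in r) for r in rdns]
    return "case-mismatch" if fold(tail) == fold(base) else "outside-base"
```

A `case-mismatch` result means the DN differs from the configured base DN only in letter case, which is worth correcting before saving the directory server definition.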