Define LDAP domain elements
If you use an external LDAP directory for user management, you must create an LDAP Domain.
After the LDAP Domain is associated with the external server, the Management Server contacts the LDAP directory server or Active Directory Server. You can then view and edit users and user groups through the Management Client.
You can select one LDAP Domain as the global Default LDAP Domain. You can also specify the default LDAP domain for each NGFW Engine in the Engine Editor. Selecting a default LDAP domain allows users belonging to that LDAP Domain to authenticate without specifying the LDAP Domain information. Users in other LDAP Domains must specify their LDAP Domain whenever they authenticate themselves.
If you use administrative Domains, create a separate LDAP Domain in each administrative Domain to create user accounts that are specific to each Domain. You can also use LDAP Domains in different administrative Domains to point to different parts of the directory hierarchy in the same LDAP directory. The internal LDAP directory is always in the Shared Domain, which makes its contents visible in all administrative Domains. You can select one Default LDAP Domain in each administrative Domain. You can also select an LDAP Domain in the Shared Domain as the Default LDAP Domain for all administrative Domains.
For more details about the product and how to configure features, click Help or press F1.
Steps
External LDAP Domain Properties dialog box
Use this dialog box to configure External LDAP Domain elements.
| Option | Definition | 
|---|---|
| General tab | |
| Name | Specifies the name of the LDAP Domain. | 
| Category | Shows the assigned category. | 
| Select | Opens the Category Selection dialog box. | 
| Comment | An optional comment for your own reference. | 
| Default LDAP Domain | When selected, specifies that the LDAP Domain is used for all authentication unless otherwise specified in the IPv4 Access rules. Note: The Default User Domain setting in the settings can override this setting for individual NGFW Engines. |
| Servers | Shows the available servers that can be bound to this LDAP Domain. | 
| Add | Adds the selected servers to the Bound Servers list. | 
| Remove | Removes the selected servers from the Bound Servers list. | 
| Bound Servers | Shows the servers that are bound to this LDAP Domain. | 
| Up | Moves the server up the list. | 
| Down | Moves the server down the list. | 

| Option | Definition |
|---|---|
| Default Authentication tab | |
| Authentication Method | Shows the authentication methods selected for the LDAP Domain. Note: If you use the Integrated User ID Service for user identification, the supported authentication methods for the External LDAP Domain are user password or LDAP authentication. |
| Select | Opens the Select Element dialog box. |