When LDAP is used:
- Content Gateway acts as an LDAP client and directly challenges users who request content for a username and password.
- After receiving the username and password, Content Gateway contacts the LDAP server to check that the credentials are correct.
- If the LDAP server accepts the username and password, the proxy serves the client the requested content and stores the username and password in the credential cache.
- Future authentication requests for that user are served from the cache until the cache entry expires (Time-To-Live value).
- If the LDAP server rejects the username and password, the user’s browser displays a message indicating that authorization failed and prompts again for a username and password.
LDAP authentication supports both simple and anonymous bind.
To add an LDAP domain to the Domains list:
Steps
- Go to and click New Domain.
- Select LDAP from the Authentication Method drop-down list.
- In the Domain Identifier field, enter a unique name that will help you recognize the domain and its purpose. After the domain is added, the name cannot be changed.
- Optionally, configure the Aliasing option. For information see: Unknown users and the ‘alias’ option.
- In the LDAP Domain Details section:
  - In the LDAP Server Name field, enter the fully qualified domain name or IP address of the LDAP server.
  - If the LDAP server port is other than the default (389), enter the port in the LDAP Server Port field.
  - Enter the LDAP Base Distinguished Name. Obtain this value from your LDAP administrator.
  - Select the LDAP Server Type from the drop-down list:
    - Select sAMAccountName (MS AD) for Active Directory.
    - Select userPrincipalName (MS AD) for Active Directory.
    - Select uid (Other LDAP) for other directory services.
  - In the Bind Domain Name field, enter the bind distinguished name. This must be the full Distinguished Name of a user in the LDAP directory service. For example: CN=John Smith,CN=USERS,DC=MYCOMPANY,DC=COM
  - In the Bind Password field, enter the password for the name given in the Bind Domain Name field.
  - Enable Secure LDAP if you want Content Gateway to use secure communication with the LDAP server. If enabled, set the LDAP Server Port to 636 or 3269.
- Click Add Domain.
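The challenge, bind and cache flow described at the top of this page, together with the domain settings above (base DN, server type, bind DN and password, Secure LDAP port), worked through as a small Python model. This is an added example, not Content Gateway code: FakeDirectory is a constructed stand-in for the LDAP server, the sample entries and credentials are invented, and three choices are assumptions rather than documented product behaviour: the cache holds a SHA-256 digest of the password instead of the cleartext, a cached entry that does not match falls through to the directory, and an empty password is refused before any bind is attempted.

```python
"""Challenge -> bind -> cache flow from the page, modelled in Python (added example, not
Content Gateway code). FakeDirectory is a constructed stand-in for the LDAP server."""
import hashlib, hmac, time
from dataclasses import dataclass
from typing import Dict, Optional

# login attribute chosen by the "LDAP Server Type" selection
LOGIN_ATTRIBUTE = {"sAMAccountName (MS AD)": "sAMAccountName",
                   "userPrincipalName (MS AD)": "userPrincipalName",
                   "uid (Other LDAP)": "uid"}

@dataclass
class LdapDomain:
    base_dn: str
    server_type: str
    bind_dn: str = ""             # empty bind DN = anonymous bind
    bind_password: str = ""
    secure: bool = False
    port: Optional[int] = None

    def __post_init__(self):
        if self.server_type not in LOGIN_ATTRIBUTE:
            raise ValueError(f"unknown LDAP server type {self.server_type!r}")
        if self.port is None:
            self.port = 636 if self.secure else 389
        if self.secure and self.port not in (636, 3269):
            raise ValueError("Secure LDAP needs port 636 or 3269")

    def search_filter(self, username: str) -> str:
        # RFC 4515 escaping so a typed-in username cannot reshape the filter
        esc = username.translate({ord(c): f"\\{ord(c):02x}" for c in "\\*()\0"})
        return f"({LOGIN_ATTRIBUTE[self.server_type]}={esc})"

class CredentialCache:
    """Entries live for ttl seconds (the Time-To-Live). Assumption: a SHA-256 digest is cached."""
    def __init__(self, ttl: float, clock=time.monotonic):
        self.ttl, self.clock, self._entries = ttl, clock, {}   # user -> (digest, expiry)

    def store(self, user: str, pw: str) -> None:
        digest = hashlib.sha256(pw.encode()).digest()
        self._entries[user] = (digest, self.clock() + self.ttl)

    def matches(self, user: str, pw: str) -> bool:
        digest, expires = self._entries.get(user, (b"", 0.0))
        if self.clock() >= expires:          # no entry or TTL elapsed: LDAP must re-verify
            self._entries.pop(user, None)
            return False
        return hmac.compare_digest(digest, hashlib.sha256(pw.encode()).digest())

class FakeDirectory:
    """Constructed in-memory LDAP server (dn -> attributes); bind()/search() stand in for a real client."""
    def __init__(self, entries: Dict[str, Dict[str, str]]):
        self.entries, self.bind_calls = entries, 0

    def bind(self, dn: str, pw: str) -> bool:
        self.bind_calls += 1
        if dn == "" or pw == "":   # anonymous / unauthenticated bind (RFC 4513 5.1) "succeeds"
            return True
        return dn in self.entries and self.entries[dn]["password"] == pw

    def search(self, base_dn: str, ldap_filter: str) -> Optional[str]:
        attr, _, value = ldap_filter[1:-1].partition("=")   # single equality filter only
        for dn, attrs in self.entries.items():
            if dn.lower().endswith(base_dn.lower()) and attrs.get(attr) == value:
                return dn
        return None

def authenticate(domain: LdapDomain, cache: CredentialCache, directory, user: str, pw: str) -> bool:
    """What the proxy does with the username/password the browser supplied."""
    if cache.matches(user, pw):
        return True                      # served from cache; LDAP not contacted
    if not pw:
        return False                     # an empty password must never reach bind()
    if not directory.bind(domain.bind_dn, domain.bind_password):
        raise RuntimeError("service bind failed: check Bind Domain Name / Password")
    user_dn = directory.search(domain.base_dn, domain.search_filter(user))
    if user_dn is None or not directory.bind(user_dn, pw):
        return False                     # LDAP rejected it: browser is prompted again
    cache.store(user, pw)
    return True

def demo() -> dict:
    directory = FakeDirectory({   # constructed sample entries
        "CN=John Smith,CN=USERS,DC=MYCOMPANY,DC=COM": {"sAMAccountName": "jsmith", "password": "s3cret"},
        "CN=Proxy Svc,CN=USERS,DC=MYCOMPANY,DC=COM": {"sAMAccountName": "proxy-svc", "password": "bindpw"}})
    domain = LdapDomain("DC=MYCOMPANY,DC=COM", "sAMAccountName (MS AD)", secure=True,
                        bind_dn="CN=Proxy Svc,CN=USERS,DC=MYCOMPANY,DC=COM", bind_password="bindpw")
    clock = [0.0]                                            # fake monotonic clock
    cache = CredentialCache(ttl=300, clock=lambda: clock[0])
    out = {"port": domain.port, "first": authenticate(domain, cache, directory, "jsmith", "s3cret")}
    out["binds_after_first"] = directory.bind_calls          # service bind + user bind = 2
    out["cached"] = authenticate(domain, cache, directory, "jsmith", "s3cret")
    out["binds_after_cached"] = directory.bind_calls         # still 2: cache hit
    out["wrong"] = authenticate(domain, cache, directory, "jsmith", "wrong")
    out["empty"] = authenticate(domain, cache, directory, "jsmith", "")   # False despite bind(dn, "") == True
    clock[0] = 301.0                                         # TTL elapsed
    out["after_ttl"] = authenticate(domain, cache, directory, "jsmith", "s3cret")
    return out
```

The empty-password check is the caveat worth carrying into a real deployment: under RFC 4513 a bind request carrying a DN and no password is an unauthenticated bind, which some servers treat as anonymous and accept, so a proxy that forwarded it blindly would accept any known username. The escaping in `search_filter` matters for the same reason: the username comes straight from the browser prompt and is interpolated into a query against the directory.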