Adding a domain (directory service) for use with LDAP

When LDAP is used:

  • Content Gateway acts as an LDAP client and directly challenges users who request content for a username and password.
  • After receiving the username and password, Content Gateway contacts the LDAP server to check that the credentials are correct.
  • If the LDAP server accepts the username and password, the proxy serves the client the requested content and stores the username and password in the credential cache.
  • Subsequent authentication requests for that user are served from the cache until the cache entry expires (after its Time-To-Live value).
  • If the LDAP server rejects the username and password, the user’s browser displays a message indicating that authorization failed and prompts again for a username and password.

LDAP authentication supports both simple and anonymous bind.

To add an LDAP domain to the Domains list:

Steps

  1. Go to Configure > Security > Access Control > Domains and click New Domain.
  2. Select LDAP from the Authentication Method drop-down list.
  3. In the Domain Identifier field, enter a unique name that will help you recognize the domain and its purpose. After the domain is added, the name cannot be changed.
  4. Optionally, configure the Aliasing option. For more information, see: Unknown users and the ‘alias’ option.
  5. In the LDAP Domain Details section:
    1. In the LDAP Server Name field, enter the fully qualified domain name or IP address of the LDAP server.
    2. If the LDAP server port is other than the default (389), in the LDAP Server Port field, enter the LDAP server port.
    3. Enter the LDAP Base Distinguished Name. Obtain this value from your LDAP administrator.
    4. Select the LDAP Server Type from the drop-down list. This choice determines which directory attribute is matched against the username the user enters.
      • For Active Directory, select sAMAccountName (MS AD) or userPrincipalName (MS AD), according to the attribute your users log on with.
      • Select uid (Other LDAP) for other directory services.
    5. In the Bind Domain Name field, enter the bind distinguished name (DN). This must be the full distinguished name of a user in the LDAP directory service, for example:

      CN=John Smith,CN=USERS,DC=MYCOMPANY,DC=COM

    6. In the Bind Password field, enter the password for the name given in the Bind Domain Name field.
    7. Enable Secure LDAP if you want Content Gateway to use encrypted (LDAP over SSL/TLS) communication with the LDAP server. If you enable it, set the LDAP Server Port (step 2 above) to 636 or 3269.
  6. Click Add Domain.
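The following example, added here and not part of the product documentation, models the flow described at the top of this page (service-account bind, lookup of the user by the attribute chosen as LDAP Server Type, bind as the user, then a credential cache with a Time-To-Live) using the field values from the steps above. The directory is an in-memory stand-in constructed for the example; a real deployment would put an LDAP client in its place. The cache stores a salted PBKDF2 verifier rather than the clear-text password, and a cache entry whose password does not match falls through to the directory; both are design choices of this example, not documented product behaviour.

```python
"""Model of proxy-side LDAP authentication with a TTL credential cache.

The FakeDirectory and all DNs/passwords below are constructed for this example.
"""
import hashlib
import hmac
import os
import time
from dataclasses import dataclass, field

# Directory attribute holding the login name, keyed by the LDAP Server Type choice.
LOGIN_ATTRIBUTE = {
    "sAMAccountName (MS AD)": "sAMAccountName",
    "userPrincipalName (MS AD)": "userPrincipalName",
    "uid (Other LDAP)": "uid",
}


class FakeDirectory:
    """In-memory stand-in for the LDAP server (constructed, not a real client).

    entries maps a DN to {"attrs": {...}, "password": "..."}; bind_calls counts
    bind operations so the cache's effect on server traffic is observable.
    """

    def __init__(self, entries):
        self.entries = entries
        self.bind_calls = 0

    def bind(self, dn, password):
        """Simple bind: succeeds only if the DN exists and the password matches."""
        self.bind_calls += 1
        entry = self.entries.get(dn)
        return entry is not None and hmac.compare_digest(
            entry["password"].encode("utf-8"), password.encode("utf-8"))

    def search(self, base_dn, attribute, value):
        """DNs below base_dn whose attribute equals value (case-insensitive)."""
        return [dn for dn, e in self.entries.items()
                if dn.lower().endswith(base_dn.lower())
                and e["attrs"].get(attribute, "").lower() == value.lower()]


def _verifier(salt, password):
    """Salted PBKDF2 digest kept in the cache instead of the clear-text password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 20_000)


@dataclass
class LdapDomain:
    """One Domains-list entry, with the fields from the steps above."""
    base_dn: str
    server_type: str
    bind_dn: str
    bind_password: str
    directory: FakeDirectory
    cache_ttl: float = 300.0            # seconds a cached credential stays valid
    _cache: dict = field(default_factory=dict)

    def _check_with_server(self, username, password):
        # 1. Bind with the service account given as Bind Domain Name.
        if not self.directory.bind(self.bind_dn, self.bind_password):
            raise RuntimeError("service bind failed: check Bind Domain Name / Bind Password")
        # 2. Locate the user's DN below the Base DN by the configured login attribute.
        matches = self.directory.search(self.base_dn, LOGIN_ATTRIBUTE[self.server_type], username)
        if len(matches) != 1:           # unknown or ambiguous user: reject
            return False
        # 3. Bind as the user; the directory itself verifies the password.
        return self.directory.bind(matches[0], password)

    def authenticate(self, username, password, now=None):
        """True if the credentials are accepted; the cache is consulted first."""
        now = time.monotonic() if now is None else now
        key = username.lower()
        hit = self._cache.get(key)
        if hit is not None:
            salt, digest, expires = hit
            if now < expires and hmac.compare_digest(digest, _verifier(salt, password)):
                return True             # served from cache, no server round trip
            if now >= expires:
                del self._cache[key]    # Time-To-Live elapsed: re-validate with the server
        # Cache miss, expired entry, or a different password: ask the directory.
        ok = self._check_with_server(username, password)
        if ok:
            salt = os.urandom(16)
            self._cache[key] = (salt, _verifier(salt, password), now + self.cache_ttl)
        return ok


def demo_domain():
    """Domain configured against the constructed directory (sample values only)."""
    directory = FakeDirectory({
        "CN=svc-proxy,CN=USERS,DC=MYCOMPANY,DC=COM": {
            "attrs": {"sAMAccountName": "svc-proxy"}, "password": "service-secret"},
        "CN=John Smith,CN=USERS,DC=MYCOMPANY,DC=COM": {
            "attrs": {"sAMAccountName": "jsmith", "userPrincipalName": "jsmith@mycompany.com"},
            "password": "correct horse"},
    })
    return LdapDomain(base_dn="DC=MYCOMPANY,DC=COM", server_type="sAMAccountName (MS AD)",
                      bind_dn="CN=svc-proxy,CN=USERS,DC=MYCOMPANY,DC=COM",
                      bind_password="service-secret", directory=directory, cache_ttl=300)


if __name__ == "__main__":
    d = demo_domain()
    print(d.authenticate("jsmith", "correct horse", now=0))    # True, via the server
    print(d.authenticate("jsmith", "correct horse", now=10))   # True, from the cache
    print(d.authenticate("jsmith", "wrong", now=20))           # False, rejected by the server
    print(d.authenticate("jsmith", "correct horse", now=400))  # True, TTL expired so re-checked
```

Passing an explicit `now` makes the TTL behaviour reproducible; with the default, `time.monotonic()` is used. Watching `bind_calls` shows that a cache hit generates no directory traffic, while an expired entry or a non-matching password always does.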