Configuring Content Gateway to be an LDAP client
Steps
- Go to Configure > My Proxy > Basic > General.
- In the Authentication section, click LDAP On, and then click Apply.
- Configure the Global authentication options.
- Go to Configure > Security > Access Control > LDAP.
- Enter the hostname of the LDAP server.
- Enter the port on which Content Gateway communicates with the LDAP server. The default is port 389.
Note: When the directory service is Active Directory, users located outside the domain served by the configured domain controller will fail to authenticate on the default port. Port 389 is the domain controller's own LDAP service, and searches sent to it only find objects in that controller's domain. To authenticate users from anywhere in the forest, change the LDAP port to 3268, the global catalog port; searches sent to 3268 cover the entire forest. The global catalog holds only a partial attribute set, but the login attributes used here (sAMAccountName and userPrincipalName) are part of it.
- Enable Secure LDAP if you want the proxy to use secure (LDAPS) communication with the LDAP server. Secure communication is performed on port 636 (single domain) or 3269 (global catalog). Change the port value in the previous field to match, if necessary. Without Secure LDAP, the bind password and the credentials of authenticating users cross the network in cleartext.
- Select the type of directory service to set the filter for searching.
- Microsoft Active Directory (sAMAccountName) sets the type to sAMAccountName (default).
- Microsoft Active Directory (userPrincipalName) sets the type to userPrincipalName.
- Other sets the type to uid for eDirectory or other directory services.
- Enter the Bind Distinguished Name (fully qualified name) of a user in the LDAP-based directory service. For example:
CN=John Smith,CN=USERS,DC=MYCOMPANY,DC=COM
Enter a maximum of 128 characters in this field.
If no value is specified for this field, the proxy attempts to bind anonymously. Because the password for this account is stored on the proxy, use a dedicated service account with read-only access to the directory rather than an administrator account.
- Enter a password for the user specified in the previous step.
- Enter the Base Distinguished Name (DN). Obtain this value from your LDAP administrator.
- Click Apply.
- Click Restart on Configure > My Proxy > Basic > General.
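The following Python script is an added example, not part of Content Gateway or its documentation. It models the settings entered in the steps above, derives the LDAP URL and the user-lookup filter that a proxy using these settings would send, and flags the mismatches a reviewer would catch before clicking Apply: an Active Directory lookup on port 389 when forest-wide authentication is needed, a Secure LDAP setting that disagrees with the port, an over-long or empty Bind DN. It also shows why login names must be escaped (RFC 4515) before they are placed in a search filter. Host names, DNs, the `directory_type` keys and the user names are invented for the example.

```python
# Added example (not Content Gateway code): model the LDAP client settings,
# derive URL and search filter, and flag problems before they are applied.
from dataclasses import dataclass
from typing import List

# Directory-service choice from the "Select the type of directory service"
# step, mapped to the attribute the login name is matched against.
# The keys are this example's own names, not Content Gateway identifiers.
LOGIN_ATTRIBUTE = {
    "ad_samaccountname": "sAMAccountName",       # default
    "ad_userprincipalname": "userPrincipalName",
    "other": "uid",                              # eDirectory and others
}

# 389/636 reach a single domain (or a non-AD directory);
# 3268/3269 reach the Active Directory global catalog (whole forest).
SECURE_PORTS = {636, 3269}
GLOBAL_CATALOG_PORTS = {3268, 3269}


def escape_filter_value(value: str) -> str:
    """Escape a value for use inside an LDAP search filter (RFC 4515).

    Without this, a login name such as '*)(objectClass=*' would change the
    meaning of the filter sent to the directory (LDAP filter injection).
    """
    return "".join("\\%02x" % ord(ch) if ch in "\\*()\x00" else ch for ch in value)


def default_port(secure: bool, global_catalog: bool) -> int:
    """Port implied by the Secure LDAP setting and the forest-wide choice."""
    if global_catalog:
        return 3269 if secure else 3268
    return 636 if secure else 389


@dataclass
class LdapClientConfig:
    host: str
    port: int = 389
    secure: bool = False
    directory_type: str = "ad_samaccountname"
    bind_dn: str = ""            # empty -> the proxy binds anonymously
    bind_password: str = ""
    base_dn: str = ""

    def ldap_url(self) -> str:
        scheme = "ldaps" if self.secure else "ldap"
        return f"{scheme}://{self.host}:{self.port}"

    def search_filter(self, login_name: str) -> str:
        """Filter used to locate the user's entry under the Base DN."""
        attr = LOGIN_ATTRIBUTE[self.directory_type]
        return f"({attr}={escape_filter_value(login_name)})"

    def problems(self) -> List[str]:
        """Findings a reviewer would raise before clicking Apply."""
        found = []
        if self.secure and self.port not in SECURE_PORTS:
            found.append(f"Secure LDAP is on but port {self.port} is not 636 or 3269")
        if not self.secure and self.port in SECURE_PORTS:
            found.append(f"port {self.port} is an LDAPS port but Secure LDAP is off")
        if not self.secure:
            found.append("Secure LDAP is off: bind password and user credentials "
                         "cross the network in cleartext")
        is_ad = self.directory_type.startswith("ad_")
        if is_ad and self.port not in GLOBAL_CATALOG_PORTS:
            found.append(f"Active Directory on port {self.port}: users outside this "
                         "domain controller's domain will fail to authenticate; "
                         "use 3268 (or 3269 with Secure LDAP) for the whole forest")
        if is_ad and self.port in GLOBAL_CATALOG_PORTS and \
                self.directory_type == "ad_samaccountname":
            found.append("sAMAccountName is unique only within a domain; on the global "
                         "catalog prefer userPrincipalName to avoid ambiguous matches")
        if len(self.bind_dn) > 128:
            found.append("Bind DN exceeds the 128-character limit")
        if not self.bind_dn:
            found.append("no Bind DN: the proxy will bind anonymously, which Active "
                         "Directory rejects for user searches by default")
        if not self.base_dn:
            found.append("Base DN is empty; obtain it from the LDAP administrator")
        return found


if __name__ == "__main__":
    # Constructed configuration resembling the steps above.
    cfg = LdapClientConfig(host="dc01.mycompany.com",
                           port=default_port(secure=True, global_catalog=True),
                           secure=True, directory_type="ad_userprincipalname",
                           bind_dn="CN=svc-proxy,CN=Users,DC=mycompany,DC=com",
                           bind_password="example-only", base_dn="DC=mycompany,DC=com")
    print(cfg.ldap_url(), cfg.search_filter("jsmith@mycompany.com"))
    print(cfg.problems() or "no problems found")
    print(LdapClientConfig(host="dc01.mycompany.com").problems())
```

Run the script as-is to see the findings for the default, all-defaults configuration next to the corrected one; to check a real deployment, substitute the host, Bind DN and Base DN entered in the steps above.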
As optional steps, you can:
- Change LDAP cache options. See Setting LDAP cache options.
- Configure Content Gateway to allow certain clients to access specific sites on the Internet without being authenticated by the LDAP server. See Access Control.