Server Settings

Depending on the option you selected in the first step of the wizard, some or all of the settings may already be displayed on the Server Settings page. These values are only intended as a guide, and you must adjust them to match your directory server's requirements.

Note
If you are using an anonymous directory services server, it is not necessary to enter a distinguished name (DN) or password.
  1. Under Directory Services Settings, review/set the following options:
    1. In the Server text box, enter the fully qualified hostname of the server used for directory services look-ups.

      Alternatively, enter a comma-separated list of failover servers. The first in the list should be the primary server. If the primary server fails, the appliance will attempt to use the other specified servers in the order that they are named.

      Important
      If you specify multiple servers, you must ensure that each of the servers uses an identical directory structure. Failure to do so could result in unexpected behavior.
    2. In the Port text box, enter the port number of the server used for directory services look-ups. The default port is 389, or port 636 for LDAPS. If the Active Directory global catalog (GC) is used, the port is 3268, or 3269 for a secure connection.
    3. From the Protocol drop-down list, select the type of LDAP used for user authentication. The default is standard LDAP, but LDAPS encrypts all communication between the appliance and the LDAP or Active Directory server with Secure Sockets Layer (SSL).

      Additional configuration is required for LDAPS. For example, in Active Directory, you must install a valid certificate to enable LDAPS. For more information, see the following Microsoft articles: "How to enable LDAP over SSL with a third-party certification authority," "Requirements for domain controller certificates from a third-party certification authority," and "Advanced Certificate Enrollment and Management."

    4. In the DN to authenticate text box, enter the distinguished name (DN) used to connect to the directory services server for authentication purposes (if required). Here are some examples of possible DN formats:
      • CN=Administrator,CN=Users,DC=Server
      • DOMAIN\username (Active Directory)
      • user1.users.server (Novell eDirectory)
      Note
      Enter a DN appropriate for the directory profile you have selected.
    5. In the Password text box, enter the password for directory services look-ups (if required).
    6. In the Base DN for users/groups text box, enter the top directory services node from which searches are performed.
    7. In the Account attribute text box, enter the directory services object attribute that is queried when logging in to the End User Web Quarantine.
    8. In the Email attribute text box, enter the object attribute for email addresses in directory services.
    9. In the Email alias attribute text box, enter the object attribute for proxy addresses in directory services.
    10. In the Group name attribute text box, enter the directory services object attribute that specifies the group name for a group entry.
  2. Click Verify.

    The appliance verifies that all of the values you entered are valid. If verification is successful, a green check mark is displayed beside each setting in the Verify Settings dialog box.

    Note
    If you specified multiple servers in the Server text box, a successful result is returned if any one of the servers responds. Each server is not verified separately.
  3. If all settings are verified, click OK. Otherwise, correct any invalid settings, and repeat the verification.
  4. Click Next.
    The queries run automatically, and the results are displayed to the right of each text box. Successful queries are indicated by a green check mark.
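
Because Verify reports success when any one listed server responds, each failover server can be checked on its own before relying on the list. The following is an added example, not part of the product or its documentation: it reviews a Server/Port/Protocol combination against the ports named above and probes every server separately, with a verified TLS handshake for LDAPS. The function names and host names are hypothetical, and the cleartext finding assumes a simple bind.

```python
import socket
import ssl

# Ports named on this page: 389 (LDAP), 636 (LDAPS), 3268 (GC), 3269 (GC, secure).
PLAIN_PORTS, TLS_PORTS = {389, 3268}, {636, 3269}

def parse_servers(field):
    """Split the Server text box value into an ordered list; the first is primary."""
    return [h.strip() for h in field.split(",") if h.strip()]

def review_settings(server_field, port, protocol, bind_dn=""):
    """Return findings for a settings combination without touching the network."""
    findings = []
    secure = protocol.upper() == "LDAPS"
    for host in parse_servers(server_field):
        if "." not in host:
            findings.append(f"{host}: not a fully qualified hostname")
    if secure and port in PLAIN_PORTS:
        findings.append(f"port {port} is a plain LDAP port but protocol is LDAPS")
    if not secure and port in TLS_PORTS:
        findings.append(f"port {port} is a secure port but protocol is LDAP")
    if not secure and bind_dn:
        # Assumption: simple bind, so DN and password cross the wire unencrypted.
        findings.append("bind DN and password are sent over unencrypted LDAP")
    return findings

def probe(host, port, protocol, timeout=5.0):
    """Check one server: TCP connect, plus a verified TLS handshake for LDAPS."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            if protocol.upper() != "LDAPS":
                return True, "TCP connect ok"
            ctx = ssl.create_default_context()  # verifies chain and hostname
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                return True, f"TLS ok ({tls.version()})"
    except OSError as exc:  # covers DNS, timeout, refused and certificate errors
        return False, f"{type(exc).__name__}: {exc}"

def probe_all(server_field, port, protocol):
    """Probe every listed server separately, in failover order."""
    return {h: probe(h, port, protocol) for h in parse_servers(server_field)}

if __name__ == "__main__":
    field = "ldap1.example.com, ldap2.example.com"  # constructed host names
    for finding in review_settings(field, 636, "LDAPS", "CN=Administrator,CN=Users,DC=Server"):
        print("setting:", finding)
    for host, (ok, detail) in probe_all(field, 636, "LDAPS").items():
        print(host, "OK" if ok else "FAIL", detail)
```

A server that fails the probe while another passes would still produce a green check mark in the Verify Settings dialog box, so review the per-server results rather than the combined one.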