Adding LDAP Server Settings

To activate and use external LDAP/LDAPS server authentication, enable LDAP authentication and enter the information you have gathered for any LDAP/LDAPS server.

Note: An LDAPS server refers to an SSL-secured LDAP server.

  1. Choose Device Settings > Security > Authentication. The Authentication Settings dialog appears.
  2. Select the LDAP radio button to activate the LDAP/LDAPS authentication.
  3. Click New to add an LDAP/LDAPS authentication server. The "Create new LDAP Server Configuration" dialog appears.
  4. IP Address / Hostname - Type the IP address or hostname of your LDAP/LDAPS authentication server.

    Important: Without the SSL encryption enabled, you can type either the domain name or IP address in this field, but you must type the fully qualified domain name if the SSL encryption is enabled.

  5. Type of LDAP server. Choose one of the following options:
  6. LDAP over SSL - Select this checkbox if you would like to use SSL. Secure Sockets Layer (SSL) is a cryptographic protocol that allows the PXE to communicate securely with the LDAP/LDAPS server.
  7. Port - The default port is 389. Either use the standard LDAP TCP port or specify another port.
  8. SSL Port - The default is 636. Either use the default port or specify another port. This field is enabled when the "LDAP over SSL" checkbox is selected.
  9. Enable verification of LDAP Server Certificate - Select this checkbox if you would like the PXE to verify whether the selected LDAP server certificate is valid.
  10. CA Certificate - Consult your authentication server administrator to get the CA certificate file for the LDAP/LDAPS server. Use the Browse button to navigate to the certificate file.
  11. Anonymous Bind - For "OpenLDAP," use this checkbox to enable or disable anonymous bind.
  12. Use Bind Credentials - For "Microsoft Active Directory," use this checkbox to enable or disable anonymous bind.
  13. Bind DN - Specify the DN of the user who is permitted to search the LDAP directory in the defined search base. This information is required only when the Use Bind Credentials checkbox is selected.
  14. Bind Password and Confirm Bind Password - Enter the Bind password in the Bind Password field first and then the Confirm Bind Password field. This information is required only when the Use Bind Credentials checkbox is selected.
  15. Base DN for Search - Enter the name you want to bind against the LDAP/LDAPS server (up to 31 characters), and where in the database to begin searching for the specified Base DN. An example Base Search value might be: cn=Users,dc=raritan,dc=com. Consult your authentication server administrator for the appropriate values to enter into these fields.
  16. Type the following information in the corresponding fields. LDAP needs this information to verify user names and passwords.
  17. Active Directory Domain - Type the name of the Active Directory Domain. For example, testradius.com. Consult with your Active Directory Administrator for a specific domain name.
  18. To verify if the authentication configuration is set correctly, you may click Test Connection to check whether the PXE can connect to the remote authentication server successfully.

    Tip: You can also do this by using the Test Connection button in the Authentication Settings dialog.

  19. Click OK. The new LDAP server is listed in the Authentication Settings dialog.
  20. To add additional LDAP/LDAPS servers, repeat Steps 3 to 19.
  21. Click OK. The LDAP authentication is now in place.

If you have already added LDAP/LDAPS server information to the PXE, and the server you are adding shares the same settings as an existing server, the most convenient way to add it is to duplicate that LDAP/LDAPS server's data.

  1. Repeat Steps 1 to 4 in the above procedure to add the LDAP/LDAPS server you want.
  2. Select the "Use settings from LDAP Server" checkbox.
  3. Click the drop-down arrow below the checkbox to select the LDAP/LDAPS server whose settings you want to copy.
  4. Click OK.

Note: If the PXE clock and the LDAP server clock are out of sync, the certificates are considered expired and users are unable to authenticate using LDAP. To ensure proper synchronization, administrators should configure the PXE and the LDAP server to use the same NTP server.
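
The following is an added example, not Raritan code and not part of the PXE: it reviews a planned server entry against the rules stated above (FQDN with SSL, certificate verification with a CA file, bind credentials, the 31-character limit, and certificate dates compared with the device clock). The dictionary keys, function names and sample values are assumptions made for the example.

```python
import ipaddress
from datetime import datetime, timezone

def _is_fqdn(host):
    """True for a dotted DNS name, False for an IP literal or a bare hostname."""
    try:
        ipaddress.ip_address(host)
        return False
    except ValueError:
        return "." in host.strip(".")

def review_ldap_entry(cfg, device_clock, not_before=None, not_after=None):
    """Return findings for one planned server entry (dict keys are hypothetical)."""
    findings = []
    if cfg.get("ssl"):
        if not _is_fqdn(cfg["host"]):
            findings.append("ssl-needs-fqdn")        # page: FQDN required with SSL
        if not cfg.get("verify_cert"):
            findings.append("cert-not-verified")     # server identity is not checked
        elif not cfg.get("ca_cert"):
            findings.append("ca-cert-missing")       # verification needs the CA file
        if not_before and device_clock < not_before:
            findings.append("cert-not-yet-valid-on-device-clock")
        if not_after and device_clock > not_after:
            findings.append("cert-expired-on-device-clock")
    else:
        findings.append("no-ssl-bind-unencrypted")   # plain LDAP simple bind is cleartext
    if cfg.get("use_bind_credentials") and not (cfg.get("bind_dn") and cfg.get("bind_password")):
        findings.append("bind-credentials-incomplete")
    if len(cfg.get("base_dn", "")) > 31:             # page: up to 31 characters
        findings.append("base-dn-too-long")
    return findings

# Constructed sample entries and certificate dates, for illustration only.
UTC = timezone.utc
CERT_FROM, CERT_TO = datetime(2024, 1, 1, tzinfo=UTC), datetime(2025, 1, 1, tzinfo=UTC)
WEAK = {"host": "192.0.2.10", "ssl": True, "verify_cert": False,
        "use_bind_credentials": True, "bind_dn": "cn=svc,cn=Users,dc=example,dc=com",
        "bind_password": "", "base_dn": "cn=Users,dc=example,dc=com"}
GOOD = dict(WEAK, host="ldap.example.com", verify_cert=True, ca_cert="ca.pem",
            bind_password="constructed-secret")

if __name__ == "__main__":
    # Device clock reset to 2000: the certificate is rejected as not yet valid.
    print(review_ldap_entry(WEAK, datetime(2000, 1, 1, tzinfo=UTC), CERT_FROM, CERT_TO))
    print(review_ldap_entry(GOOD, datetime(2024, 6, 1, tzinfo=UTC), CERT_FROM, CERT_TO))
```

An empty list means the entry is consistent with the rules on this page; it does not replace the Test Connection check on the device.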
