Identity Source Name |
Name of the identity source. |
Base Distinguished Name for Users |
Base Distinguished Name for users. Enter the DN from which to start user searches. For example, cn=Users,dc=myCorp,dc=com. |
Base Distinguished Name for Groups |
The Base Distinguished Name for groups. Enter the DN from which to start group searches. For example, cn=Groups,dc=myCorp,dc=com. |
Domain Name |
The FQDN of the domain. |
Domain Alias |
For Active Directory identity sources, the domain's NetBIOS name. Add the NetBIOS name of the Active Directory domain as an alias of the identity source if you are using SSPI authentications. For OpenLDAP identity sources, the domain name in capital letters is added if you do not specify an alias. |
User Name |
ID of a user in the domain who has a minimum of read-only access to Base DN for users and groups. The ID can be in any of these formats:
The user name must be fully-qualified. An entry of "user" does not work. |
Password |
Password of the user who is specified by Username. |
Primary Server URL |
Primary domain controller LDAP server for the domain. You can use either the host name or the IP address. Use the format ldap://hostname_or_IPaddress:port or ldaps://hostname_or_IPaddress:port. The port is typically 389 for LDAP connections and 636 for LDAPS connections. For Active Directory multi-domain controller deployments, the port is typically 3268 for LDAP and 3269 for LDAPS. A certificate that establishes trust for the LDAPS endpoint of the Active Directory server is required when you use ldaps:// in the primary or the secondary LDAP URL. |
Secondary Server URL |
Address of a secondary domain controller LDAP server that is used for failover. You can use either the host name or the IP address. |
Certificates (for LDAPS) |
If you want to use LDAPS with your Active Directory LDAP Server or OpenLDAP Server identity source, click Browse to select a certificate. To export the root CA certificate from Active Directory, consult the Microsoft documentation. |