Encrypted LDAP connection
Activate secure LDAP for encrypted communication between the proxy and the LDAP
server.
Communication between browser and proxy is not encrypted.
The browser transmits the user's credentials more or less in
plaintext.
Type of server
Select the LDAP server type. Your choice will determine the attribute used to find a
user in the LDAP directory.
other (UID)
Select this option if the login can be found as attribute "UID" in LDAP user objects.
This convention is used by most LDAP servers.
MS ActiveDirectory (SAM)
If you select this option, SX-GATE will search for objects which have the
login specified as "SAMAccountName" attribute. In the Microsoft ActiveDirectory,
this attribute refers to the user login name for compatibility with "Windows
NT 3.5x/4.0". Please be aware that the ActiveDirectory search requires read
permissions. If there's no read access to a user object, it will not be possible to
log on as this user.
MS ActiveDirectory (CN)
If the user object is to be identified with the "CN" attribute, select this option. In the
Microsoft Active Directory, the "CN" attribute corresponds to the user object name,
which is immutable. Using this attribute as the user name can cause problems, since
special characters and spaces are often part of the name.
Searchbase
If you want to use LDAP authentication, you have to specify the searchbase required
for your LDAP server. This container must contain the user objects. Two examples:
• CN=users,DC=ad,DC=example,DC=com
• OU=SBSUsers,OU=Users,OU=MyBusiness,DC=example,DC=com
Search hierarchically
Activate the hierarchical search if user objects can be found not only directly in the
searchbase container, but also in containers below it. Searching in the LDAP server might
require specific access permissions.
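
As an added illustration (not SX-GATE's own code), the following Python sketch shows how the server type, searchbase and hierarchical-search settings described above could translate into an LDAP user lookup, including the RFC 4515 escaping that special characters in a login or CN require. The function names, the mapping of the hierarchical option to search scopes and the sample logins are assumptions made for this example.

```python
from dataclasses import dataclass

# Server type (as named in the manual) -> attribute matched against the login.
LOGIN_ATTRIBUTE = {
    "other (UID)": "uid",
    "MS ActiveDirectory (SAM)": "sAMAccountName",
    "MS ActiveDirectory (CN)": "cn",
}

# RFC 4515: characters that must be escaped inside a filter assertion value.
_FILTER_ESCAPES = {
    "\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00",
}


def escape_filter_value(value: str) -> str:
    """Escape a login so it is matched literally, never as filter syntax."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


@dataclass(frozen=True)
class UserSearch:
    base: str         # searchbase container
    scope: str        # "onelevel" or "subtree"
    ldap_filter: str  # filter that selects the user object


def build_user_search(server_type: str, login: str, searchbase: str,
                      hierarchical: bool = False) -> UserSearch:
    """Build the lookup for one login (hypothetical helper for this example)."""
    if not login:
        raise ValueError("login must not be empty")
    attribute = LOGIN_ATTRIBUTE[server_type]  # KeyError on unknown server type
    # Assumption: without hierarchical search only direct children of the
    # searchbase are examined; with it, the whole subtree below is searched.
    scope = "subtree" if hierarchical else "onelevel"
    return UserSearch(searchbase, scope,
                      f"({attribute}={escape_filter_value(login)})")


if __name__ == "__main__":
    # Constructed sample: a CN containing spaces, a comma and parentheses.
    print(build_user_search("MS ActiveDirectory (CN)", "Smith, John (IT)",
                            "CN=users,DC=ad,DC=example,DC=com"))
    # Constructed sample: a SAM login looked up in nested containers.
    print(build_user_search("MS ActiveDirectory (SAM)", "jsmith",
                            "OU=Users,OU=MyBusiness,DC=example,DC=com",
                            hierarchical=True))
```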