ExtraHop 8.8 ExtraHop Trace Admin UI Guide
1. Log in to the Administration settings on the ExtraHop system through https://<extrahop-hostname-or-IP-address>/admin.
2. In the Access Settings section, click Remote Authentication.
3. From the Remote authentication method drop-down list, select LDAP and then click Continue.
4. On the LDAP Settings page, complete the following server information fields:
a) In the Hostname field, type the hostname or IP address of the LDAP server. If you are configuring
a hostname, make sure that the DNS entry of the ExtraHop system is properly configured.
b) In the Port field, type the port number on which the LDAP server is listening.
c) From the Server Type drop-down list, select Posix or Active Directory.
d) (Optional) In the Bind DN field, type the bind DN. The bind DN is the user credentials that allow
you to authenticate with the LDAP server to perform the user search. The bind DN must have list
access to the base DN and any OU, groups, or user account required for LDAP authentication. If
this value is not set, then an anonymous bind is performed. Note that anonymous binds are not
enabled on all LDAP servers.
e) (Optional) In the Bind Password field, type the bind password. The bind password is the password
required when authenticating with the LDAP server as the bind DN specified above. If you
are configuring an anonymous bind, leave this field blank. In some cases, an unauthenticated
bind is possible, where you supply a Bind DN value but no bind password. Consult your LDAP
administrator for the proper settings.
f) From the Encryption drop-down list, select one of the following encryption options.
• None: This option specifies cleartext TCP sockets. All passwords are sent across the network in cleartext in this mode.
• LDAPS: This option specifies LDAP wrapped inside SSL.
• StartTLS: This option specifies TLS LDAP. (SSL is negotiated before any passwords are sent.)
g) Select Validate SSL Certificates to enable certificate validation. If you select this option, the certificate on the remote endpoint is validated against the root certificates as specified by the trusted certificates manager. You must configure which certificates you want to trust on the Trusted Certificates page. For more information, see Add a trusted certificate to your ExtraHop
h) Type a time value in the Refresh Interval field or leave the default setting of 1 hour. The refresh
interval ensures that any changes made to user or group access on the LDAP server are updated
on the ExtraHop system.
5. Configure the following user settings:
a) Type the base DN in the Base DN field. The Base DN is the point from where a server will search for users. The base DN must contain all user accounts that will have access to the ExtraHop system. The users can be direct members of the base DN or nested within an OU within the base DN if the Whole Subtree option is selected for the Search Scope specified below.
b) Type a search filter in the Search Filter field. Search filters enable you to define search criteria when searching the LDAP directory for user accounts.
Important: The ExtraHop system automatically adds parentheses to wrap the filter and will not parse this parameter correctly if you add parentheses manually. Add your search filters in this step and in step 5b, similar to the following example:
cn=atlas*
|(cn=EH-*)(cn=IT-*)
In addition, if your group names include the asterisk (*) character, the asterisk must be escaped as \2a. For example, if your group has a CN called test*group, type cn=test\2agroup in the Search Filter field.
c) From the Search Scope drop-down list, select one of the following options. Search scope specifies
the scope of the directory search when looking for user entities.
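The Search Filter rules in step 5b (no outer parentheses, literal asterisks escaped as \2a) can be applied in a small helper before a value is pasted into the field. This is an added example, not ExtraHop code: the function names are hypothetical, and the escapes other than \2a come from RFC 4515, not from this guide.

```python
# Added example: prepare text for the ExtraHop "Search Filter" field.
# Function names are hypothetical. \2a is from the guide; the other
# escapes are the RFC 4515 filter-value escapes (an assumption here).
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_value(literal: str) -> str:
    """Escape characters that are special inside an LDAP filter value."""
    return "".join(_ESCAPES.get(ch, ch) for ch in literal)


def exact_match(attr: str, literal: str) -> str:
    """attr=<escaped literal>: every asterisk in the name is literal."""
    return f"{attr}={escape_value(literal)}"


def prefix_match(attr: str, prefix: str) -> str:
    """attr=<escaped prefix>*: only the trailing asterisk is a wildcard."""
    return f"{attr}={escape_value(prefix)}*"


def any_of(*terms: str) -> str:
    """OR several terms. Inner terms are wrapped; the outer filter is not,
    because the ExtraHop system adds the wrapping parentheses itself."""
    if len(terms) == 1:
        return terms[0]
    return "|" + "".join(f"({t})" for t in terms)


def strip_outer_parens(filter_text: str) -> str:
    """Remove one manually added pair of wrapping parentheses, if present."""
    text = filter_text.strip()
    if not (text.startswith("(") and text.endswith(")")):
        return text
    depth = 0
    for i, ch in enumerate(text):
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
            if depth == 0 and i != len(text) - 1:
                return text  # first "(" closes early: not a wrapper
    return text[1:-1] if depth == 0 else text


if __name__ == "__main__":
    print(exact_match("cn", "test*group"))
    print(any_of(prefix_match("cn", "EH-"), prefix_match("cn", "IT-")))
    print(strip_outer_parens("(|(cn=EH-*)(cn=IT-*))"))
```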