Configuring a directory server

You can configure the SafeLinx Server to retrieve user profile information from an external LDAP server. The directory server that you configure also provides information about how to contact other directory server services. After you configure a directory server, you can assign it to an LDAP-bind authentication profile to authenticate clients when they log in.

About this task

To create a directory server resource, complete the following procedure:

Procedure

  1. Right-click the OU where you want to create the directory server, and then click Add Resource > Directory server.
  2. Type the IP address or host name, and the port number of the remote directory service server.
  3. Using standard X.500 notation, type the base distinguished name of the root node or suffix of the primary organizational unit for this SafeLinx Server. This field is case-sensitive. The base DN specifies where in the directory structure to begin searches during client authentication.
  4. Specify the distinguished name of an administrator on the remote directory service and the password for the account.

    Verify the correct syntax for the administrator DN with the administrator of the LDAP server. If you specify the DN incorrectly, the SafeLinx Server cannot connect to the directory server.

    If the server allows anonymous lookups, you do not have to provide the administrator credentials, unless you want SafeLinx to be able to modify information in the directory.

  5. You can use TLS to secure the connection to the directory server.
    1. Select Use secure connection.
    2. Type the file names of the key database and stash password files.
    3. Modify the default port number, if necessary.
    4. Select Only Use FIPS 140-2 approved ciphers to require the use of specific cryptographic standards to secure the connection to the directory server.

      In some cases, LDAP clients that use older versions of the SSL protocol might be unable to negotiate a secure connection to servers that support newer protocols only. If the directory server requires the use of current encryption protocols, select this field.

    To finish creating the secured connection, obtain the certificate for the directory server and use the GSKit to manage the key database and stash password files. For more information, see Securing communications with an LDAP server.
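The following preflight checker is an added example, not part of SafeLinx or its documentation: before entering the values from steps 2 to 5, it parses the base DN and administrator DN with a minimal RFC 4514 parser and flags the combinations the procedure warns about (malformed DN, administrator DN without a password, FIPS restriction without a secure connection, plain LDAP carrying the bind password). The function names, the 389/636 port assumptions, and all sample values are constructed for illustration.

```python
"""Preflight checks for a directory-server resource (constructed example, not SafeLinx code)."""
import re

# Minimal RFC 4514 DN parser: split on unescaped commas, then take the first '='
# of each RDN. Multi-valued RDNs ('+') and '\\' followed by ',' are not handled.
_RDN_SPLIT = re.compile(r'(?<!\\),')
_RDN = re.compile(r'^\s*([A-Za-z][A-Za-z0-9-]*|\d+(?:\.\d+)*)=(.+?)\s*$')


def parse_dn(dn):
    """Return [(attribute, value), ...] or raise ValueError on malformed input."""
    if not dn or not dn.strip():
        raise ValueError("empty DN")
    rdns = []
    for rdn in _RDN_SPLIT.split(dn):
        m = _RDN.match(rdn)
        if not m:
            raise ValueError("malformed RDN: %r" % rdn)
        rdns.append((m.group(1), m.group(2)))
    return rdns


def preflight(host, port, base_dn, admin_dn=None, password=None, use_tls=False, fips_only=False):
    """Return a list of (severity, message) findings for the values typed in steps 2-5."""
    findings = []
    try:
        parse_dn(base_dn)
    except ValueError as e:
        findings.append(("error", "base DN: %s" % e))
    if admin_dn:
        try:
            parse_dn(admin_dn)
        except ValueError as e:
            findings.append(("error", "administrator DN: %s" % e))
        if not password:
            findings.append(("error", "administrator DN given without a password"))
    else:
        # Anonymous lookups are allowed, but the server cannot modify the directory.
        findings.append(("info", "no administrator DN: anonymous lookups only, directory is read-only"))
    if not use_tls:
        findings.append(("warn", "plain LDAP to %s:%d: bind password crosses the network unencrypted" % (host, port)))
    elif port == 389:
        # Assumption: 389 is the LDAP default and 636 the LDAPS default.
        findings.append(("info", "secure connection on port 389: confirm the server expects STARTTLS rather than LDAPS on 636"))
    if fips_only and not use_tls:
        findings.append(("error", "FIPS 140-2 cipher restriction has no effect without a secure connection"))
    return findings
```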