Log in to the KeyControl webGUI on any node in the cluster using an account with Security Admin privileges.
In the Type drop-down, select LDAP and specify the options you want to use.
| Field | Description |
|---|---|
| Server URL | The LDAP server IP address or hostname. Select |
| STARTTLS | Enable this option if you want KeyControl to use the Transport Layer Security (TLS) protocol when communicating with the LDAP server. |
| Base DN | The Distinguished Name (DN) of the node where the search for the user should start. For performance reasons, the base DN should be as specific as possible. For example, |
| Bind User | The DN of the user KeyControl should use when logging into the LDAP server. This DN is usually an administrative user, and it can have read-only permissions on the server. For example: |
| Bind Password | The password for the Bind User account. |
| UID Attribute | The Security Manager Account Name (sAMAccountName) for the user. |
| CA Certificate | The CA (Certificate Authority) certificate that KeyControl should use to verify the LDAP server's SSL/TLS certificate when KeyControl communicates with the LDAP server. The certificate must be in one of the following formats: Base64 X.509, DER binary X.509, or PKCS#7 DER. The certificate is required if the Server URL begins with To add a certificate, click Load File and browse to the certificate you want to use. |
| Cert Format | The format of the uploaded CA certificate. KeyControl supports Base64 X.509, DER binary X.509, and PKCS#7 DER. |
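
A pre-upload check for the CA Certificate and Cert Format fields, as an added example that is not KeyControl code: it inspects a file's bytes and names which of the three formats listed above it matches, so the Cert Format selection agrees with the file. The function names and the sample byte strings are constructed for illustration.

```python
import base64
import re

# DER encoding (tag, length, value) of OID 1.2.840.113549.1.7.2, PKCS#7 signedData
PKCS7_SIGNED_DATA_OID = bytes.fromhex("06092a864886f70d010702")
PEM_CERT = re.compile(rb"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

# Constructed sample inputs: structural stubs, not real certificates.
SAMPLE_X509_DER = bytes.fromhex("30023000")
SAMPLE_PKCS7_DER = bytes.fromhex("300b") + PKCS7_SIGNED_DATA_OID
SAMPLE_PEM = b"-----BEGIN CERTIFICATE-----\nMAIwAA==\n-----END CERTIFICATE-----\n"


def seq_body(der: bytes) -> bytes:
    """Return the contents of the outer DER SEQUENCE after checking its length."""
    if len(der) < 2 or der[0] != 0x30:
        raise ValueError("not a DER SEQUENCE")
    length, pos = der[1], 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        if not 1 <= n <= 4 or len(der) < 2 + n:
            raise ValueError("bad DER length")
        length, pos = int.from_bytes(der[2:2 + n], "big"), 2 + n
    if pos + length != len(der):
        raise ValueError("truncated file or trailing data")
    return der[pos:]


def classify_ca_file(data: bytes) -> str:
    """Return the matching format name from the table, or raise ValueError."""
    match = PEM_CERT.search(data)
    if match:
        try:
            inner = base64.b64decode(match.group(1))
        except ValueError as exc:
            raise ValueError("PEM body is not valid Base64") from exc
        if seq_body(inner)[:1] != b"\x30":
            raise ValueError("PEM body is not an X.509 certificate")
        return "Base64 X.509"
    body = seq_body(data)
    if body.startswith(PKCS7_SIGNED_DATA_OID):
        return "PKCS#7 DER"
    if body[:1] == b"\x30":  # X.509: first element is the tbsCertificate SEQUENCE
        return "DER binary X.509"
    raise ValueError("DER SEQUENCE is neither X.509 nor PKCS#7 signedData")


if __name__ == "__main__":
    for sample in (SAMPLE_PEM, SAMPLE_X509_DER, SAMPLE_PKCS7_DER):
        print(classify_ca_file(sample))
```

The check looks only at the outer encoding; it does not confirm that the file is a CA certificate or that the LDAP server's certificate chains to it.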