Configuring Default LDAP Settings

  1. Log into the KeyControl webGUI on any node in the cluster using an account with Security Admin privileges.

  2. On the top menu bar, click Settings.
  3. In the Default Settings section, click Authentication.

  4. In the Type drop-down, select LDAP and specify the options you want to use.

    ClosedOptions

    Field

    Description

    Server URL

    The LDAP server IP address or hostname. Select ldap:// or ldaps:// from the drop-down list and enter the URL in the text field. To include a port number, specify :port after the name. For example, ldaps://10.238.66.33:389.

    Note: KeyControl does not currently support multiple LDAP servers.

    STARTTLS

    Enable this option if you want KeyControl to use Transport Layer Security (TLS) protocol when communicating with the LDAP server.

    Note: This option is only available if the Server URL starts with ldap://.

    Base DN

    The Distinguished Name (DN) of the node where the search for the user should start. For performance reasons, the base DN should be as specific as possible.

    For example, dc=ldapserver,dc=com.

    Bind User

    The DN of the user KeyControl should use when logging into the LDAP server. This DN is usually an administrative user and it can have read only permissions on the server.

    For example: CN=Administrator,CN=Users,dc=ldapserver,dc=com

    Bind Password

    The password for the Bind User account.

    UID Attribute

    The Security Manager Account Name (sAMAccountName) for the user.

    Note: The sAMAccountName is not used when the LDAP connection is tested. If the test passes but authentication fails, make sure this attribute is correct.
    CA Certificate

    The CA (Certificate Authority) certificate that KeyControl should use to verify the LDAP server's SSL/TLS certificate when KeyControl communicates with the LDAP server.

    The certificate must be in one of the following formats: Base64 X.509, DER binary X.509, or PKCS#7 DER.

    The certificate is required if the Server URL begins with ldaps:// or if STARTTLS is enabled.

    To add a certificate, click Load File and browse to the certificate you want to use.

    Cert Format

    The format of the uploaded CA certificate. KeyControl supports Base64 X.509, DER binary X.509, and PKCS#7 DER.
  5. When you are finished, click Apply.

 

HyTrust DataControl v 4.1

Copyright © 2017 HyTrust, Inc. All Rights Reserved.

Follow us: