Configuring Default LDAP Settings

  1. Log into the KeyControl webGUI on any node in the cluster using an account with Security Admin privileges.

  2. In the top menu bar, click Settings.
  3. In the General Settings section, click Authentication.

  4. In the Type drop-down, select LDAP and specify the options you want to use.

    ClosedOptions

    Field

    Description

    Server URL

    The LDAP server IP address or hostname. Select ldap:// or ldaps:// from the drop-down list and enter the URL in the text field. To include a port number, specify :port after the name. For example, ldaps://10.238.66.33:389.

    Note: KeyControl does not currently support multiple LDAP servers.

    STARTTLS

    Enable this option if you want KeyControl to use Transport Layer Security (TLS) protocol when communicating with the LDAP server.

    Note: This option is only available if the Server URL starts with ldap://.

    Base DN

    The Distinguished Name (DN) of the node where the search for the user should start. For performance reasons, the base DN should be as specific as possible.

    For example, dc=ldapserver,dc=com.

    Service Account

    The AD account that KeyControl should use when logging into the AD server.

    Specify the account using one of the following formats:

    • Distinguished Name (DN). For example, CN=Administrator,CN=users,DC=hytrust,DC=com
    • User Principal Name (UPN). For example, administrator@hytrust.com.
    • Account username. For example, administrator.

    The AD account is usually an administrative user and it can have read only permissions on the AD server.

    Service Account Password

    The password for the Service Account.

    UID Attribute

    The Security Manager Account Name (sAMAccountName) for the user.

    Note: The sAMAccountName is not used when KeyControl tests the LDAP connection. If the test passes but authentication fails, make sure this attribute is correct.
    CA Certificate

    If you are using ldaps:// or have selected the STARTTLS option for ldap://, click Load File and select the CA  (Certificate Authority) certificate for the LDAP server.

    The certificate must be in Base64 encoded pem format.
  5. When you are finished, click Apply.

 

HyTrust DataControl v 4.2.1

Copyright © 2018 HyTrust, Inc. All Rights Reserved.

Follow us: