The LDAP tab enables you to configure and edit access to the LDAP server that manages the LDAP accounts which can be released for the MUs of the SE server.
In a Management Cluster, you can configure one LDAP server per SE server. Two redundant MUs in one SE server share the same LDAP server.
The LDAP server and the MU(s) must synchronize their time via the same NTP server.
The explicitly configured port for the LDAP protocol (default 389, or 636 if communication is secured by LDAPS) as well as ports 88 and 750 for the Kerberos protocol must be open in the firewall to allow communication with the LDAP server.
> In the tree structure select Authorizations. On the LDAP tab, the configuration data of the currently configured LDAP server are displayed. The Status field informs you whether the LDAP configuration was activated or only created.
In a Management Cluster, the configurations for each SE server are displayed in individual groups. The LDAP configuration is SE server-specific, but in the default mode it is configured for all SE servers together (i.e. all get the same configuration). For more information on the LDAP configuration in the Management Cluster, see the "Cluster Solutions for SE Servers" whitepaper [8].
The following options are available to you:
Configuring access to the LDAP server
To access the LDAP server, you need a valid account on an LDAP server (Bind DN) with a password.
> Click the Change LDAP configuration button. In the subsequent dialog, enter the access data for the LDAP server or change the existing data.
Testing the LDAP configuration
> In the displayed LDAP configuration of the SE server, click the corresponding Test LDAP configuration icon. The test commences immediately and is followed by a dialog that informs you whether the LDAP configuration was successfully tested. You can only work with LDAP accounts if the test was successful.
Changing the access data of LDAP configurations
You can change individual parameters of the displayed LDAP configuration, e.g. activate or deactivate the access to the LDAP server:
> In the displayed LDAP configuration of the SE server, click the corresponding Change LDAP configuration icon and change the data of the currently entered access as you require. To activate or deactivate the access to the LDAP server, activate or deactivate the Active option. Confirm the action.
Deleting the LDAP configuration
> In the displayed LDAP configuration of the SE server, click the corresponding Delete LDAP configuration icon and confirm the action. On the LDAP tab, configuration data are no longer displayed (in the group).