The LDAP tab in the Authorizations -> Configuration menu enables you to configure and edit access to an LDAP server. The LDAP accounts managed on that server can be released for the MUs of the SE server.
In a Management Cluster, you can configure one LDAP server per SE server. Two redundant MUs in one SE server share the same LDAP server.
The LDAP server and the MU(s) must synchronize their time via the same NTP server. Kerberos, which is used alongside LDAP (see the firewall ports below), rejects tickets when the clocks of the parties differ by more than a small skew, so logins fail if the clocks drift apart.
In a Management Cluster, the configurations for each SE server are displayed in individual groups. The LDAP configuration is SE server-specific, but in the default mode it is configured for the involved SE servers together (i.e. they get the same configuration). For more information on the LDAP configuration in the Management Cluster, see the "Cluster Solutions for SE Servers" whitepaper [7].
Security-relevant actions
As administrator or security administrator you can configure and edit access to an LDAP server. For this access you need a valid account on the LDAP server (the Bind DN) together with its password.
When you enter or change the access data, you can test whether the LDAP server configuration works correctly. You can only work with LDAP accounts if this test was successful.
As soon as you activate the access and a connection to the LDAP server is established, the released LDAP accounts can be used to log in on the SE Manager.
As soon as you de-activate the access, the released LDAP accounts can no longer be used.
As soon as you delete the LDAP configuration, the configuration data is removed and the LDAP accounts can no longer be used to log in on the SE Manager. The accounts themselves still exist on the LDAP server.
- The communication between the SE server and the LDAP server can be secured by TLS (StartTLS on the standard LDAP port, 389 by default) or by LDAPS (TLS from the start of the connection, port 636 by default). Without one of the two, the Bind DN password and the credentials of every user who logs in via LDAP cross the network in cleartext, because a simple LDAP bind carries the password unencrypted.
- If LDAP is used, the port configured in SEM (e.g. the standard ports 389 or 636, see above) and ports 88 and 750 for Kerberos must be open in the firewall.
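The following Python script is an added example; it is not part of the SE Manager documentation and not Fujitsu's code. It builds the two LDAP messages that the access test and a later login produce on the wire (a simple bind carrying the Bind DN and its password, and the StartTLS extended request that should precede it), decodes the bind back out of the raw bytes to show what an observer on an unprotected connection sees, and returns the firewall ports listed above for a given configuration. The Bind DN, password and message IDs are constructed sample values; the BER encoding follows RFC 4511.

```python
"""
Added example, not part of the SE Manager documentation or of Fujitsu's code.
It encodes the LDAP messages that an LDAP access test / login produces (a simple
bind with the Bind DN and its password, and the StartTLS request that protects
it), decodes the bind back from the raw bytes to show that an unencrypted bind is
readable by anyone on the path, and lists the firewall ports the page names.
DNs, passwords and message IDs below are constructed sample values.
"""

LDAP_VERSION = 3
STARTTLS_OID = b"1.3.6.1.4.1.1466.20037"   # RFC 4511, StartTLS extended operation
KERBEROS_PORTS = {88, 750}                  # required by the page besides the LDAP port
DEFAULT_PORT = {"starttls": 389, "ldaps": 636}


def ber_len(n: int) -> bytes:
    """BER length octets: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag: int, value: bytes) -> bytes:
    """One BER tag-length-value element."""
    return bytes([tag]) + ber_len(len(value)) + value


def ber_int(n: int) -> bytes:
    """BER INTEGER for non-negative values (message IDs, protocol version)."""
    if n < 0:
        raise ValueError("only non-negative integers are needed here")
    body = n.to_bytes((n.bit_length() + 8) // 8, "big")  # keeps the sign bit clear
    return tlv(0x02, body)


def simple_bind_request(msg_id: int, bind_dn: str, password: str) -> bytes:
    """LDAPMessage { messageID, BindRequest [APPLICATION 0] { version, name, simple [0] } }."""
    bind = tlv(0x60, ber_int(LDAP_VERSION)
               + tlv(0x04, bind_dn.encode("utf-8"))     # name: LDAPDN (OCTET STRING)
               + tlv(0x80, password.encode("utf-8")))   # authentication: simple [0]
    return tlv(0x30, ber_int(msg_id) + bind)


def starttls_request(msg_id: int) -> bytes:
    """LDAPMessage { messageID, ExtendedRequest [APPLICATION 23] { requestName [0] } }."""
    ext = tlv(0x77, tlv(0x80, STARTTLS_OID))
    return tlv(0x30, ber_int(msg_id) + ext)


def _read_tlv(buf: bytes, pos: int):
    """Return (tag, value, position after the element) for the element at pos."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first & 0x80:
        count = first & 0x7F
        length = int.from_bytes(buf[pos:pos + count], "big")
        pos += count
    else:
        length = first
    if pos + length > len(buf):
        raise ValueError("truncated BER element")
    return tag, buf[pos:pos + length], pos + length


def parse_simple_bind(pdu: bytes) -> dict:
    """Recover message ID, version, Bind DN and password from a plaintext simple bind.

    No key is needed: this is what a passive observer can do with LDAP traffic
    that is not protected by StartTLS or LDAPS.
    """
    tag, msg, _ = _read_tlv(pdu, 0)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage")
    tag, mid, pos = _read_tlv(msg, 0)
    if tag != 0x02:
        raise ValueError("missing messageID")
    tag, bind, _ = _read_tlv(msg, pos)
    if tag != 0x60:
        raise ValueError("not a BindRequest")
    _, ver, pos = _read_tlv(bind, 0)
    _, name, pos = _read_tlv(bind, pos)
    tag, auth, _ = _read_tlv(bind, pos)
    if tag != 0x80:
        raise ValueError("not a simple bind (SASL credentials use a different tag)")
    return {
        "message_id": int.from_bytes(mid, "big"),
        "version": int.from_bytes(ver, "big"),
        "bind_dn": name.decode("utf-8"),
        "password": auth.decode("utf-8"),
    }


def required_firewall_ports(mode: str, ldap_port: int = 0) -> set:
    """Ports to open per the page: the configured LDAP port plus 88 and 750 for Kerberos."""
    if mode not in DEFAULT_PORT:
        raise ValueError("mode must be 'starttls' or 'ldaps'")
    return {ldap_port or DEFAULT_PORT[mode]} | KERBEROS_PORTS


if __name__ == "__main__":
    # Constructed sample values; not a real SE server configuration.
    pdu = simple_bind_request(1, "cn=sem-bind,ou=service,dc=example,dc=com", "s3cret!")
    print("bind request :", pdu.hex())
    print("decoded      :", parse_simple_bind(pdu))   # the password is right there
    print("starttls     :", starttls_request(2).hex())
    print("open ports   :", sorted(required_firewall_ports("ldaps")))
```

To repeat the SE Manager's access test by hand from a machine that can reach the LDAP server, the OpenLDAP client tools do the same exchange: `ldapsearch -H ldap://host:389 -ZZ -D "<Bind DN>" -W -b "<base DN>" -s base` forces StartTLS (`-ZZ` fails rather than falling back to cleartext), and `ldapsearch -H ldaps://host:636 ...` uses LDAPS. A bind that only succeeds without `-ZZ`, or a connection refused on 636, 88 or 750, points at the TLS or firewall settings above rather than at the account.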