LDAP Advanced Configuration dialog box

Use this dialog box to configure the parameters that are used for LDAP queries. The parameters can differ between LDAP servers, such as Sun ONE Directory server, Open LDAP Server, and so on.

Some configuration items address other LDAP v3 compliant servers, such as Open LDAP. Unlike Active Directory Server, where you use a user ID to log in, these LDAP servers require users to use a distinguished name to log in.

For these servers, the host server uses a helper account to resolve the user's distinguished name, so the user can still use a user ID when logging on to the host server. The host server first resolves the user's distinguished name. Then the host server logs on to the LDAP server with the resolved distinguished name and the user's password.

This table shows the available parameters:

| Parameter | Description |
| --- | --- |
| Attribute for User ID | The attribute name of the user account on the LDAP server. For Active Directory, this is sAMAccountName. |
| User Classes | The class names for user entries on the LDAP server. |
| Group Classes | The class names for group entries on the LDAP server. |
| Root Naming Contexts | The name of the root entry. All other entries, including user and group entries, are under the root entry. For Active Directory, there is a rootDomainNamingContext attribute that specifies the root naming context; for other LDAP servers, no such attribute exists. Specify the attribute for other LDAP servers, or leave this field blank for Active Directory. |
| User Search Base | The distinguished name of a node that is defined in the LDAP server, under which all users are defined. |
| Manager Distinguished Name | The distinguished name of a helper user, which is used for resolving other users' distinguished names. |
| Manager Password | The password on the LDAP server for the helper user named in Manager Distinguished Name. |
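
The resolve-then-bind logon described above, as an added example (not the product's code): it builds the search filter from Attribute for User ID and User Classes with RFC 4515 escaping, requires exactly one match under User Search Base, and refuses empty passwords, which some servers accept as an unauthenticated bind. `FakeDirectory`, the `CFG` keys and all distinguished names and passwords are constructed stand-ins so the block runs offline.

```python
import re

# RFC 4515: characters that must be escaped inside a filter assertion value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

def escape_filter_value(value):
    return "".join(_ESCAPES.get(ch, ch) for ch in value)

def build_user_filter(user_id, id_attr, user_classes):
    """Combine 'User Classes' and 'Attribute for User ID' into one search filter."""
    classes = "".join(f"(objectClass={escape_filter_value(c)})" for c in user_classes)
    return f"(&(|{classes})({id_attr}={escape_filter_value(user_id)}))"

def _leaf_matches(raw, actual):
    # A bare '*' is a presence test; '\xx' escapes decode to literal characters.
    plain = re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m[1], 16)), raw)
    return bool(actual) and (raw == "*" or plain.lower() == actual.lower())

class FakeDirectory:
    """Constructed stand-in for an LDAP server; handles only the filter shape above."""
    def __init__(self, entries):
        self.entries = entries
    def bind(self, dn, password):
        # Mimics servers that accept an empty password as an unauthenticated bind.
        return password == "" or self.entries.get(dn, {}).get("password") == password
    def search(self, base, flt):
        leaves = re.findall(r"\(([^()=&|]+)=([^()]*)\)", flt)
        return [dn for dn, e in self.entries.items() if dn.endswith(base)
                and any(_leaf_matches(v, e["objectClass"]) for _, v in leaves[:-1])
                and _leaf_matches(leaves[-1][1], e.get(leaves[-1][0], ""))]

def login(directory, cfg, user_id, password):
    """Resolve user_id to a DN with the manager account, then bind as that DN."""
    if not user_id or not password:      # never send an empty-password bind
        return None
    if not directory.bind(cfg["manager_dn"], cfg["manager_password"]):
        return None
    flt = build_user_filter(user_id, cfg["id_attr"], cfg["user_classes"])
    matches = directory.search(cfg["user_search_base"], flt)
    if len(matches) != 1:                # no entry, or ambiguous: refuse
        return None
    return matches[0] if directory.bind(matches[0], password) else None

BASE = "ou=people,dc=example,dc=com"     # all values below are constructed samples
CFG = {"id_attr": "uid", "user_classes": ["inetOrgPerson"], "user_search_base": BASE,
       "manager_dn": "cn=manager,dc=example,dc=com", "manager_password": "mgr-pw"}
DIRECTORY = FakeDirectory({
    CFG["manager_dn"]: {"objectClass": "person", "password": "mgr-pw"},
    **{f"uid={u},{BASE}": {"objectClass": "inetOrgPerson", "uid": u,
                           "password": u + "-pw"} for u in ("alice", "bob")}})
```

With this constructed data, `login(DIRECTORY, CFG, "alice", "alice-pw")` returns alice's distinguished name, while a user ID of `*` or an empty password returns `None`.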