LDAP/Active Directory Guide. Release 4.0


Publication date: October 2004

Copyright 2004 Xerox Corporation. All Rights Reserved. Xerox, The Document Company, the digital X and DocuShare are trademarks of Xerox Corporation. All other signs or marks are the properties of their respective companies, and recognized as such. Specifications accurate at time of publication. Specifications subject to change without notice.

Table of Contents

Chapter 1 Understanding the LDAP structure
    LDAP overview
    LDAP structure
        Directories
        Attributes
        Relative Distinguished Name
        Distinguished Name
    Directory Information Tree
        DIT organization based on geographical domains
        DIT organization based on DNS

Chapter 2 LDAP/DocuShare configuration
    DocuShare Configuration
    LDAP and SSL
        Certificates
        Import the Certificate to DocuShare
        Export the Certificate and Save as a CER File
        Placing the Certificate into DSTrustStore
    The Active Directory Administration Tool
        Using the Active Directory Administration tool
    The Active Directory LDIFDE command
        LDIFDE command syntax and usage
        LDIFDE command example
        Analyzing the adexport.txt file contents


Chapter 1 Understanding the LDAP structure

LDAP overview

While some background information is provided for understanding basic concepts, this guide does not provide instructions for implementing either LDAP or Windows Active Directory. The information in this guide assumes the Active Directory server is already in place and is being managed by either an Active Directory administrator or by an LDAP administrator. Examples shown in this appendix use Microsoft Windows 2000 Server with Microsoft Internet Explorer (IE) V.6.X.

LDAP, or Lightweight Directory Access Protocol, is a lightweight alternative to the X.500 Directory Access Protocol (DAP). LDAP uses the TCP/IP protocol stack instead of the OSI protocol stack that is required by X.500. As a lightweight alternative, LDAP simplifies some operations, but lacks support for some of the features of X.500 DAP.

LDAP is the protocol that is used between a directory client and a server. LDAP defines the content of messages exchanged between an LDAP client and an LDAP server. The LDAP client, in this case the DocuShare server, communicates to the LDAP server. The LDAP server, acting as a gateway, accesses the LDAP directory. The LDAP directory may be implemented either as a stand-alone on the LDAP server or as a directory on an X.500 server.

DocuShare submits directory content queries to the LDAP server. The LDAP server accesses the directory, either LDAP or X.500, and returns the results to DocuShare. The LDAP protocol allows for read and for update client operations on the directory data.

NOTE: DocuShare does not update LDAP directory data. DocuShare only reads the results of the queries that it sends to the LDAP server.

LDAP structure

Entries within an LDAP directory are organized in a specific hierarchical structure.

Directories

A directory is a special type of database. Directories are optimized to support a high volume of read requests along with write access that is generally limited to system administrators. Similar to the white pages of a telephone book, an LDAP directory is read more times than it is updated. Just as a telephone book lists individuals, companies, and organizations, an LDAP directory lists objects such as users, servers, and printers. In the same way that a telephone book contains information about each listing, such as name, number, and address, the entries in the LDAP directory contain pertinent information about each object. This object information is referred to as attributes.

Attributes

Each object entry within an LDAP directory contains one or more attributes. Each attribute is comprised of a type and a value. A telephone book entry has attributes such as the name of a person and a corresponding telephone number. LDAP attributes appear in the format of

    commonname=Jane Smith
    telephonenumber=

Table 1-1 lists some common LDAP attributes, along with the alias associated with the attribute.

Table 1-1: LDAP Attribute

    Attribute                Alias   Description of Attribute       Example
    commonname               cn      Common name of an entry        Jane Doe
    Surname                  sn      Last name of the person        Doe
    userid                   uid     User ID or login name          jdoe
    telephonenumber          -       Telephone number
    organizationalunitname   ou      Name of organizational unit    my department
    organization             o       Name of organization           my company
    domaincomponent          dc      DNS component                  xyz.com

Relative Distinguished Name

The Relative Distinguished Name, or RDN, is represented in the form of an attribute data pair (type and value), such as:

    cn=Jane Doe
    uid=smith
    ou=marketing
    dc=xerox

Distinguished Name

Entries in the directory are organized by a Distinguished Name (DN). A Distinguished Name is similar to the absolute path to a file in the Windows file system. The DN of an object is made up of the name and the location of the entry within the directory. A DN is made up of RDN attribute data pairs, separated by commas, such as:

    cn=John Smith,ou=marketing,dc=Xerox,dc=com
    cn=John Smith,ou=engineering,dc=Xerox,dc=com

The path for a DN is from the lowest order to highest order. This is the reverse of the order that is used in the Windows file system.

Just as the Windows file system allows numerous files to have the same name, if each file is in a different file directory, numerous users can have the same RDN as long as each DN is unique. As the DN example above shows, a John Smith can be listed in the marketing department and a John Smith can be listed in the engineering department.

Directory Information Tree

The directory arranges entries in a hierarchical tree-like structure called the Directory Information Tree or DIT. A DIT is based on the Distinguished Name of the entries, with the Distinguished Names organized into branches that generally represent a geographical or organizational structure. Microsoft Active Directory is often organized either by geographical domains or by DNS.

DIT organization based on geographical domains

The illustration below shows how the administrator at a seafood importing corporation might organize the LDAP directory hierarchy according to geography.

To host a DocuShare server for their Acme company in the US, the administrator would define the DIT Root as o=acme, c=us. To define an external domain for the importing department at Acme, the administrator would define the Relative Authentication and the Directory Service Locator as ou=import.

DIT organization based on DNS

The illustration below shows how the administrator at a corporation might organize the LDAP directory hierarchy according to DNS. The company uses Windows domain servers for the marketing, engineering, and finance divisions.

By defining the DIT root as dc=mycompany, dc=com, the administrator can create a DocuShare external domain for each department within a division. To define an external domain for the Accounts Receivable department in the Finance division, the administrator would define the Relative Authentication and the Directory Service Locator as ou=accts recv, dc=finance.

Chapter 2 LDAP/DocuShare configuration

DocuShare Configuration

To configure your DocuShare site to use LDAP/Active Directory, log in as admin to your DocuShare site, then follow procedures A through F. To configure DocuShare correctly, use either the Active Directory Administration Tool or the Active Directory LDIFDE command to gather the necessary information. Both information gathering processes are described in this chapter.

A- LDAP Configuration

Use the DocuShare administration LDAP Configuration page to establish a connection between your DocuShare server and your LDAP server, and to define the Directory Information Tree that is used to create DocuShare external domains.

1. Open the LDAP Configuration page of the Administration UI.
2. Enter in the Host(s) field, the Host Name, or the IP address, or the DNS name of the LDAP/Active Directory server (FQDN preferred, or IP address if not FQDN). Use a space to separate multiple LDAP server address entries.
3. Enter in the Port field, the port number that is used by your LDAP server if other than the default port number.
4. Optional: Enter in the SSL field, the port number used for Secure Socket Layer.
5. Enter in the DIT Root field, the information you obtained using the Active Directory Administration Tool search for a reference to namingcontext. For example, this information would be in the format of dc=adoc,dc=xerox,dc=com.
6. Enter in the User RDN Key field, the attribute cn. This is the alias for the attribute commonname. The attribute may be different, depending on the type of LDAP server used (iPlanet, etc.).
7. Select Agent in the System Agent field. Most Active Directory servers require either an Agent or a Service account login.
8. Enter in the DN field, the Distinguished Name of the agent account. For example, cn=john,cn=users,dc=adoc,dc=xerox.
9. Enter in the Password field, the password for the Agent account.
10. Go to the Test LDAP section at the bottom of the LDAP Configuration page. Use Test LDAP to check for a valid connection and a successful login to the LDAP server.
11. Select Agent in the Connection DN field.
12. Enter in the Name field, the Distinguished Name that you entered in the DN field in step 8.
13. Enter in the Password field, the password that you entered in the Password field in step 9.
14. Click Apply and Test. You will see a "Success" message if you have correctly established a connection to the LDAP server.
15. Repeat steps 11 through 14 but select User in the Connection DN field.

NOTE: This test does not check the validity of the DIT Root nor the Relative Authentication Locator of any external domains. The test checks only whether DocuShare received a positive response from the LDAP server.

B- Advanced Configuration

Use LDAP Advanced configuration to set how specific object classes are defined on your LDAP server.

1. Click Advanced located at the bottom of the LDAP Configuration page. The LDAP Advanced Configuration page appears.
2. At the bottom of the LDAP Advanced Configuration page, locate the section titled Object Classes.
3. In the User field, replace the default entry person, with the word user (all lowercase).
4. In the Static Group field, replace the default entry groupofuniquenames, with the word group (all lowercase).
5. Click Apply.

C- Enable LDAP Providers

Use the DocuShare administration Security Services and Directory Service pages to enable both the Security and Directory Provider Services for LDAP. This allows users to select the LDAP External Domains from the Domains drop down list at the Login prompts.

1. Open the Security Services page of the Administration UI.
2. On the Security Services page, check the LDAP box to enable LDAP as the authentication provider for all external domains, then click Apply.
3. Open the Directory Service page of the Administration UI.
4. On the Directory Service page, check the LDAP box to enable LDAP as the directory service provider for all external domains, then click Apply.

D- Bind User

Use the DocuShare administration Bind User page to establish an association between DocuShare account properties and LDAP account attributes.

1. Open the Bind User page of the Administration UI.
2. In the First Name field, enter the attribute that LDAP uses for the first name of a user. This is generally givenname.
3. In the Last Name field, enter the attribute that LDAP uses for the last name of a user. This is generally surname or sn. This is a required field.
4. In the Username field, enter the attribute that LDAP uses for the login name of a user. This is generally samaccountname. This is a required field.
5. If the LDAP directory contains attributes for additional properties, such as address, mail stop, telephone number, or home page, enter those attributes in the appropriate fields on the Bind User page.
6. Click Apply to save this information.

E- Bind Group

Use the DocuShare administration Bind Group page to establish an association between DocuShare account properties and LDAP account attributes.

1. Use the information you obtained using the LDIFDE command and enter those attributes in the appropriate fields on the Bind Group page. For more information, refer to the section of this chapter titled The Active Directory LDIFDE command/analyzing the adexport.txt file contents/e. Bind Group Properties.
2. Click Apply to save this information.

F- Create Domain

Use the DocuShare administration Domains page to create external domains on your local DocuShare site. Each DocuShare external domain represents a branch in the LDAP directory tree, and each branch contains a collection of DocuShare user and group accounts.

1. Open the Domains page of the Administration UI.
2. In the Add field, enter the name of the external domain that you want to add to your local site. This may be simply a descriptive name, such as Engineering.
3. Select LDAP/LDAP in the Providers/Security Services and Providers/Directory Services pages of the Admin UI.
4. In the Relative Authentication Locator field, enter one or more attribute pairs to define the path to the directory that contains the user and group accounts. Use the attribute components of the DN that are to the left of the DIT root and to the right of the user RDN. For example, the DN for a user account in a domain is cn=users name,ou=engineering,ou=docushare,dc=adoc,dc=xerox,dc=com. The Engineering domain is in the ou=engineering, ou=docushare branch. The DIT root is dc=adoc, dc=xerox, dc=com.
5. In the Relative Directory Service Locator field, enter one or more attribute pairs. Use the same attribute pairs that you entered in the Relative Authentication Locator field. DocuShare 3.0 supports only LDAP for Authentication and Directory services, so the values for Relative Authentication Locator and Relative Directory Service Locator are identical.
6. Click Add to add this external domain to your local login menu.

G- Add

After you have completed the LDAP Configuration, Providers, Bind User, and Domains pages, you are ready to add user and group accounts to the external domain on your DocuShare site. If you were to List Users or List Groups in the new external domain, the domain would be empty. What you must do now is open the domain on the LDAP server, and select those user and group accounts that you want as members of your local external domain.

1. Open the Add page of the Administration UI. This is not the same page as Add User.
2. Select a domain from the By User domain menu.
3. Select one or more accounts from the User or Group list. Accounts not selected will not be able to log in to or access the DocuShare site.
4. Click Add. The accounts selected now are part of the external domain as it appears on the DocuShare site.
5. Open the List Users page of the Administration UI, and select the newly added domain from the Domain menu. The List Users page displays all of the accounts that you just added to the external domain.

H- View Login

1. Return to the DocuShare home page.
2. In the Login section of the home page, the new external domain should appear in the Login Domain menu.
3. A user of an external domain must select the correct domain for login, or DocuShare displays a login error message and a request to retry.
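
Procedure F, step 4 takes the part of a user DN that lies between the user RDN and the DIT root. The following is an added example, not part of the Xerox guide or of DocuShare: it derives the User RDN Key and the Relative Authentication Locator from a sample user DN, and splits only on unescaped commas so that values such as CN=Jennings\, Ferris stay in one piece. The function names are hypothetical.

```python
def split_dn(dn):
    """Split a DN into its RDNs on unescaped commas; a backslash escapes the next character."""
    parts, buf, escaped = [], [], False
    for ch in dn:
        if escaped:
            buf.append(ch)
            escaped = False
        elif ch == "\\":
            buf.append(ch)
            escaped = True
        elif ch == ",":
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
    parts.append("".join(buf))
    # The guide writes DNs both as "dc=a,dc=b" and "dc=a, dc=b": drop the space after a comma.
    return [p.lstrip() for p in parts if p.strip()]


def norm_rdn(rdn):
    """Comparison key for an RDN: type and value, case-insensitive, outer spaces ignored."""
    attr, _, value = rdn.partition("=")
    return attr.strip().lower(), value.strip().lower()


def docushare_fields(user_dn, dit_root):
    """Return (user RDN key, relative locator) for a user DN that lies below the DIT root."""
    rdns, root = split_dn(user_dn), split_dn(dit_root)
    below_root = (
        len(rdns) > len(root)
        and [norm_rdn(r) for r in rdns[-len(root):]] == [norm_rdn(r) for r in root]
    )
    if not below_root:
        raise ValueError("user DN is not below the DIT root: %r" % user_dn)
    # Everything right of the user RDN and left of the DIT root.
    middle = rdns[1:len(rdns) - len(root)]
    return norm_rdn(rdns[0])[0], ",".join(middle)


if __name__ == "__main__":
    # DN and DIT root taken from the example in procedure F.
    print(docushare_fields(
        "cn=users name,ou=engineering,ou=docushare,dc=adoc,dc=xerox,dc=com",
        "dc=adoc, dc=xerox, dc=com"))
    # Group member DN from the adexport.txt sample, with an escaped comma in the CN.
    print(docushare_fields(
        r"CN=Jennings\, Ferris,CN=Users,DC=infodev,DC=dsbu,DC=xerox,DC=com",
        "dc=infodev,dc=dsbu,dc=xerox,dc=com"))
```

A ValueError here means the account sits outside the configured DIT root, a condition the Test LDAP step does not check.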

LDAP and SSL

Secure Socket Layer, or SSL, is a protocol that was developed by Netscape for transmitting private documents via the Internet. SSL works by using a public key to encrypt data that is transferred over an SSL connection. Both Netscape Navigator and Internet Explorer support SSL. Many Web sites use SSL to obtain confidential user information, such as credit card numbers and account passwords. An SSL session is initiated by using a URL that begins with https instead of http.

Certificates

When using SSL, servers and clients use certificates to provide proof of identity prior to establishing a secure connection. A certificate also contains public and private keys that are used to establish a session. Servers and clients use session keys to encrypt and decrypt data.

Certificates may be self-signed or they can be issued by a certificate authority (CA) such as Entrust, Equifax, Valicert, or Verisign. Certificates issued by a CA are considered to be from a trusted third-party authority. Basically, a third-party authority vouches for the identity of a user. Most client browsers are configured to recognize and trust certificates issued by CAs.

When certificates are self-signed the user is acting as a certificate authority. A self-signed certificate must be installed in the browser's authorities store and the certificate is not recognized as a trusted third-party authority.

Certificates are issued as either client or server certificates. DocuShare does not support client-side certificates. DocuShare uses a copy of the LDAP server's certificate to establish the SSL session with the LDAP server.

Import the Certificate to DocuShare

Depending on the CA that issued the certificate, the administrator may need to import the certificate from the LDAP server to the DocuShare server web browser certificate store. If the certificate is self-signed, the administrator must import the certificate to the DocuShare server web browser certificate store.

To import the certificate from a specific LDAP server:

1. Open a web browser at the DocuShare server.
2. Connect to the LDAP server using the address - Port 636 is the standard port for SSL.
3. If the certificate has not been installed on the DocuShare server's browser, a Security Alert window appears prompting you to install the certificate.
4. To install the certificate, click View Certificate at the bottom of the Security Alert window. A Certificate window appears.
5. Click the Details tab, then click the Copy to File button.

Export the Certificate and Save as a CER File

After you have imported the certificate from the LDAP server, you now need to export the certificate to the DocuShare directory and save it as a certificate file.

To export the certificate and save it as a certificate file:

1. Click Next at the bottom of the Wizard window. If the certificate contained a private key, the Export Private Key window appears.
2. In the Export Private Key window, select No, do not export the private key. DocuShare will not need a private key to establish an SSL session with the LDAP server.
3. Click Next. The Export File Format window appears.
4. Select Base-64 encoded X.509 (.CER) in the Export File Format window.
5. Click Next. The File to Export prompt window appears.
6. Enter in the File name field, the directory path to a location on your drive where you want to export the certificate. For example D:\.
7. Enter in the File name field, behind the directory path, a file name for the certificate with the extension .cer. For example D:\SSL_Cert4LDAP.cer.
8. Click Next to complete the certificate export. The Completing Certificate Export Wizard window appears.
9. Click Finish to close the Wizard. The LDAP certificate is saved as a .cer file on your DocuShare site.
10. Follow the instructions on the next page, Placing the certificate into DSTrustStore.

Placing the Certificate into DSTrustStore

Now that you have saved the certificate as a certificate file, you must place it in the DSTrustStore file.

To place the certificate .cer file into the DSTrustStore file:

1. Locate the .cer file you exported using the Certificate Export Wizard.
2. Copy the .cer file to the directory containing the DSTrustStore file, <ds3_installdir>\jdk1.3.1\jre\lib\security.
3. Open a command prompt window and navigate to the directory containing dstruststore.

    Microsoft Windows 2000 [Version ]
    (C) Copyright Microsoft Corp.

    C:\>cd\xerox\docushare\jdk1.3.1\jre\lib\security

    C:\Xerox\DocuShare\jdk1.3.1\jre\lib\security>dir
    Volume in drive C is Local Disk
    Volume in Serial Number is 508B-0D2F

    Directory of C:\Xerox\DocuShare\jdk1.3.1\jre\lib\security

    :55 <DIR>
    :55 <DIR>
    :25 7,365 cacerts
    : dstruststore
    :26 2,271 java.policy
    :26 4,115 java.security
    : SSL_Cert4LDAP.cer
    5 Files(s) 15,184 bytes
    2 Dir(s) 1,486,024,704 bytes free

    C:\Xerox\DocuShare\jdk1.3.1\jre\lib\security>

4. At the command prompt, enter the set PATH command to set the PATH environment variable. Use set PATH=%PATH%;<ds3_install-dir>\jdk1.3.1\bin.

    C:\Xerox\Docushare\jdk1.3.1\jre\lib\security>set PATH=%PATH%;C:\XEROX\DocuShare\jdk1.3.1\jre\bin

5. After you have set the PATH variable, at the command prompt, enter keytool, without arguments. The Keytool Utility help appears. The Keytool Utility places the SSL certificate in the DSTrustStore.
6. At the command prompt, enter the keytool utility command

    keytool -import -alias <alias_name> -file <cert_file> -keystore dstruststore

   Replace <alias_name> with a unique name for the certificate file. Replace <cert_file> with the name of the certificate file (.cer) that you exported and copied to the directory containing the dstruststore file.
7. Press Enter to start the command. A request for a password appears.
8. Enter password and press Enter.

    C:\Xerox\Docushare\jdk1.3.1\jre\lib\security>keytool -import -alias TestLDAPss1 -file SSL_Cert4LDAP.cer -keystore dstruststore
    Enter keystore password: password
    Owner: OU=EFS File Encryption Certificate, L=EFS, CN=Administrator
    Issuer: OU=EFS File Encryption Certificate, L=EFS, CN=Administrator
    Serial number: 5ee8abd44c2cd2b14ffbee159f03d354
    Valid from: Tue Feb 19 10:57:21 PST 2002 until: Thu Jan 26 10:57:21 PST 2102
    Certificate fingerprints:
             MD5: 78:C7:A3:04:32:69:EB:97:76:FE:F4:8A:11:A2:65:26
             SHA1: 02:DD:9A:BE:BE:DE:3C:AA:22:AE:14:9A:F2:F2:5B:11:61:6D:5A:5F
    Trust this certificate? [no]: yes
    Certificate was added to keystore

    C:\Xerox\DocuShare\jdk1.3.1\jre\lib\security>

9. Examine the screen output to ensure that Keytool successfully added the certificate to the keystore. If Keytool completed the operation, your DocuShare server is now ready to use the certificate to establish an SSL session with your LDAP server.
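
Keytool prints the certificate fingerprints before it asks "Trust this certificate?". The following is an added example, not part of the Xerox guide: it computes the same colon-separated fingerprint from a Base-64 encoded .CER file so it can be compared with a value obtained separately from the LDAP server's administrator before answering yes. The function names are hypothetical and the sample bytes are constructed placeholders, not a real certificate.

```python
import base64
import hashlib
import hmac
import re


def der_from_cer(text):
    """Return the DER bytes of a Base-64 encoded X.509 (.CER) export.

    Accepts the file with or without BEGIN/END lines and with CRLF or LF endings.
    """
    m = re.search(r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", text, re.S)
    body = m.group(1) if m else text
    # validate=True rejects stray characters instead of silently skipping them.
    return base64.b64decode("".join(body.split()), validate=True)


def keytool_fingerprint(der, algorithm="sha1"):
    """Hash the DER bytes and format the digest the way keytool prints it (AA:BB:...)."""
    digest = hashlib.new(algorithm, der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def normalise(fingerprint):
    """Drop colons, spaces and case so differently formatted fingerprints compare equal."""
    return re.sub(r"[^0-9A-Fa-f]", "", fingerprint).upper()


def fingerprint_matches(cer_text, expected, algorithm="sha1"):
    """True if the .CER file hashes to the fingerprint obtained out of band."""
    actual = keytool_fingerprint(der_from_cer(cer_text), algorithm)
    return hmac.compare_digest(normalise(actual), normalise(expected))


# Constructed placeholder bytes standing in for a certificate. A fingerprint is a
# hash over the DER bytes, so any byte string exercises the same code path.
SAMPLE_DER = bytes(range(96))
SAMPLE_B64 = base64.b64encode(SAMPLE_DER).decode("ascii")
SAMPLE_CER = (
    "-----BEGIN CERTIFICATE-----\r\n"
    + "\r\n".join(SAMPLE_B64[i:i + 64] for i in range(0, len(SAMPLE_B64), 64))
    + "\r\n-----END CERTIFICATE-----\r\n"
)

if __name__ == "__main__":
    shown = keytool_fingerprint(der_from_cer(SAMPLE_CER))
    print("SHA1:", shown)
    # The SHA1 value from the keytool transcript above belongs to a different
    # certificate, so the comparison must fail for the placeholder bytes.
    print(fingerprint_matches(
        SAMPLE_CER, "02:DD:9A:BE:BE:DE:3C:AA:22:AE:14:9A:F2:F2:5B:11:61:6D:5A:5F"))
```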

The Active Directory Administration Tool

You can use the Active Directory Administration Tool to perform various operations to an Active Directory and to query an LDAP directory server.

To install and use the Active Directory Administration Tool to help configure your DocuShare site:

1. Open the Windows 2000 server software CD, and locate and read the sreadme.doc file.
2. Locate the file setup.exe in the Support\Tools directory.
3. Click the setup.exe file to begin the installation of the ldp.exe file.
4. Follow the on screen instructions to install the ldp.exe.
5. After installation has completed, open the Windows Start menu and click the Active Directory Administration Tool. This launches ldp.exe and the Active Directory Administration Tool appears. The Tool has a navigation bar with commands, and a left and right frame where it displays information.

Using the Active Directory Administration tool

You can use the Active Directory Administration Tool to collect information about your LDAP server that you need to configure your DocuShare site to use the server for external domains. Follow procedures A through F.

NOTE: This procedure is based on using the tool to collect information from a typical LDAP server setup. Variations may occur, depending on how the server was configured.

A- Connect

1. Select Connection from the Active Directory Administration Tool navigation bar, and then select Connect from the Connection menu. The Connect dialog box appears.
2. Enter in the Server field either the IP address or the DNS name of the LDAP Active Directory server.
3. Enter in the Port field the port number used, if other than the displayed default.
4. Click OK. You have now set the LDAP server address and port number.

B- Bind

After setting up the connection to the LDAP server, you must now bind the server to an administrator account that has access permission to search the directory.

1. Select Connection from the Active Directory Administration Tool navigation bar, and then select Bind from the Connection menu. The Bind dialog box appears.
2. Enter the user account name in the User field, password in the Password field, and domain in the Domain field.
3. Click OK. If you have successfully connected to and created a bind to the LDAP server, the server displays response text in the right frame of the Active Directory Administration Tool.

C- Locate the base Distinguished Name

The base DN will be the starting point for our examination of the directory tree.

1. Search the response text of the right frame of the Active Directory Administration Tool for a reference to namingcontext. The format of the namingcontext will vary depending on the LDAP server that you are using.
2. The highlighted text is the base Distinguished Name for the DIT. For example, the highlighted base DN might be dc=adoc,dc=xerox,dc=com. Your actual Base DN may differ according to the unique structure of your LDAP directory tree. Write down this information for later use.

D- View the Directory Information Tree

1. Select View from the Active Directory Administration Tool navigation bar, and then select Tree from the View menu. The Tree View dialog box appears.
2. In the BaseDN field, enter the base Distinguished Name that you found in your namingcontext search above.
3. Click OK. The DIT for your LDAP server is displayed in the left frame of the Active Directory Administration Tool window.
4. Examine the Tree to determine where your DIT root will be for any DocuShare external domains that you want to create. The root should be high enough in the hierarchy so it includes all of the branches (such as organizationunit and domaincomponents) that will have access to the DocuShare server. For our example, we are going to use dc=adoc, dc=xerox,dc=com as our DIT root because we want to include only the users in the ADOC domain and not everyone at Xerox.com.

E- Find the Agent Account

In most cases an Active Directory does not accept anonymous queries to the directory. This requires the use of either an Agent or a Service account to query the server. Use the Search command to find the DN of the Agent account.

1. Select Browse from the Active Directory Administration Tool navigation bar, and then select Search from the Browse menu. The Search dialog box appears.
2. Enter a Base DN in the Base DN field. Depending on the Base DN value used and the location in the hierarchy of the Agent account, you may need to select Subtree to expand the search scope.
3. Enter a filter in the Filter field. We used the samaccountname attribute for our filter since we knew the login name of the Agent account. This attribute is unique to Active Directory and is a carryover from Windows NT. If we knew the commonname (cn) of the account we could have used commonname=Peter Pan for example. An iPlanet server may use the uid or commonname (cn) attribute.
4. Select the Scope of the search. Select Subtree if One Level is not wide enough.
5. Click Run. The results of your search appear as text in the right frame of the Active Directory Administration Tool window. For example, a search might show that the distinguishedname for the Agent account is cn=testuser1,cn=users,dc=adoc,dc=xerox,dc=com.

F- Next step

After following procedures A through E, you should be able to use the Active Directory Administration Tool to gather the information you need to configure your DocuShare site to use LDAP for user account authentication:

    - The IP address or the DNS name of the LDAP server
    - The DIT Root
    - The Agent account for DocuShare

The Active Directory LDIFDE command

If you are running your LDAP server under Windows 2000 or Windows 2003 you can use the LDIFDE command to write to a text file, the contents of the entire LDAP directory or a specific domain within the LDAP directory. This text file contains most of the information you need to configure DocuShare for use with LDAP. The text file generated by LDIFDE is the primary file that is used by DocuShare Support to troubleshoot LDAP configuration issues.

RESOURCES: For more information on using the LDIFDE command, go to support.microsoft.com/default.aspx?scid= support.microsoft.com:80/support/kb/articles/q237/6/77.ASP&NoWebContent=

LDIFDE command syntax and usage

To use the LDIFDE command, open a command prompt window on your LDAP server and enter

    C:\Windows\system32>ldifde -?

and press Enter. LDIFDE returns the following:

    LDIF Directory Exchange

    General Parameters
    ==================
    -i              Turn on Import Mode (The default is Export)
    -f filename     Input or Output filename
    -s servername   The server to bind to (Default to DC of logged in Domain)
    -c FromDN ToDN  Replace occurences of FromDN to ToDN
    -v              Turn on Verbose Mode
    -j              Log File Location
    -t              Port Number (default = 389)
    -u              Use Unicode format
    -?              Help

    Export Specific
    ===============
    -d RootDN       The root of the LDAP search (Default to Naming Context)
    -r Filter       LDAP search filter (Default to "(objectclass=*)")
    -p SearchScope  Search Scope (Base/OneLevel/Subtree)
    -l list         List of attributes (comma separated) to look for in an LDAP search
    -o list         List of attributes (comma separated) to omit from input.
    -g              Disable Paged Search.
    -m              Enable the SAM logic on export.
    -n              Do not export binary values

    Import
    ======
    -k              The import will go on ignoring 'Constraint Violation' and 'Object Already Exists' errors
    -y              The import will use lazy commit for better performance

    Credentials Establishment
    =========================
    Note that if no credentials is specified, LDIFDE will bind as the currently logged on user, using SSPI.
    -a UserDN [Password *]            Simple authentication
    -b UserName Domain [Password *]   SSPI bind method

    Example: Simple import of current domain
        ldifde -i -f INPUT.LDF

    Example: Simple export of current domain
        ldifde -f OUTPUT.LDF

    Example: Export of specific domain with credentials
        ldifde -m -f OUTPUT.LDF -b USERNAME DOMAINNAME * -s SERVERNAME -d "cn=users,dc=domainname,dc=microsoft,dc=com" -r "(objectclass=user)"

LDIFDE command example

The following is an example of an LDIFDE command that writes the content of the Active Directory on a server named Corvette, to a text file named adexport.txt.

Run the LDIFDE command: Enter the command C:\Windows\system32\LDIFDE.exe -f adexport.txt -s corvette and press Enter. The command runs and displays its progress:

    C:\Documents and Settings\Administrator>LDIFDE -f adexport.txt -s corvette
    Connecting to "corvette"
    Logging in as current user using SSPI
    Exporting directory to file adexport.txt
    Searching for entries...
    Writing out entries
    entries exported

    The command has completed successfully

The generated adexport.txt file

Below are the contents of the adexport.txt file that the LDIFDE command generated in our example. This example shows only a portion of the total file content. Pay close attention to the bolded items; these are the items you need to configure DocuShare to use this specific LDAP server.

    dn: DC=infodev,DC=dsbu,DC=xerox,DC=com
    changetype: add
    masteredby:cn=ntds Settings, CN=CORVETTE, CN=Servers, CN=infodev-dsbu-site, CN=Sites,CN=Configuration, DC=infodev, DC=dsbu, DC=xerox, DC=com
    auditingpolicy:: AAE=
    creationtime:
    dc: infodev
    forcelogoff:
    fsmoroleowner:cn=ntds Settings, CN=CORVETTE, CN=Servers,CN=infodev-dsbu-site, CN=Sites, CN=Configuration, DC=infodev, DC=dsbu, DC=xerox, DC=com

[Sample Directory Record for a single User]

    dn: CN=Duncan Donkey, OU=Digital, OU=Actors, DC=infodev, DC=dsbu, DC=xerox, DC=com
    changetype: add
    accountexpires:
    badpasswordtime: 0
    badpwdcount: 0
    codepage: 0
    cn: Duncan Donkey
    countrycode: 0
    displayname: Duncan Donkey
    mail: ddonkey@infodev.xerox.com
    givenname: Duncan
    instancetype: 4
    lastlogoff: 0
    lastlogon: 0
    logoncount: 0
    distinguishedname: CN=Duncan Donkey, OU=Digital, OU=Actors, DC=infodev, DC=dsbu, DC=xerox, DC=com
    objectcategory:cn=person, CN=Schema, CN=Configuration, DC=infodev, DC=dsbu, DC=xerox,DC=com
    objectclass: user
    objectguid:: xmi02w78lempyca7atiupq==
    objectsid:: AQUAAAAAAAUVAAAAqDfWZRUlr0f4n7R0bgQAAA==
    primarygroupid: 513
    pwdlastset:
    name: Duncan Donkey
    samaccountname: duncan
    samaccounttype:
    sn: Donkey
    useraccountcontrol: 512
    userprincipalname: duncan@infodev.dsbu.xerox.com
    usnchanged: 7353
    usncreated: 7349
    whenchanged: Z
    whencreated: Z

Text file continued...

[Sample Directory Record for a Group]

    dn: CN=labusers,CN=Users,DC=infodev,DC=dsbu,DC=xerox,DC=com
    changetype: add
    member: CN=Greg Wong,CN=Users,DC=infodev,DC=dsbu,DC=xerox,DC=com
    member: CN=Janet Gilmore,CN=Users,DC=infodev,DC=dsbu,DC=xerox,DC=com
    member: CN=Jennings\, Ferris,CN=Users,DC=infodev,DC=dsbu,DC=xerox,DC=com
    member: CN=Cua\, Kiam T,CN=Users,DC=infodev,DC=dsbu,DC=xerox,DC=com
    info: Authorized Login User to the InforDev Lab
    cn: labusers
    description: InfoDev Lab Users
    grouptype:
    instancetype: 4
    distinguishedname:cn=labusers, CN=Users, DC=infodev, DC=dsbu, DC=xerox, DC=com
    objectcategory: CN=Group, CN=Schema, CN=Configuration, DC=infodev, DC=dsbu, DC=xerox, DC=com
    objectclass: group
    objectguid:: Cm9phZkOn0ig4iEWMRPWsg==
    objectsid:: AQUAAAAAAAUVAAAAqDfWZRUlr0f4n7R0VgQAAA==
    name: labusers
    samaccountname: labusers
    samaccounttype:
    usnchanged: 3975
    usncreated: 2540
    whenchanged: Z
    whencreated: Z

Analyzing the adexport.txt file contents

Our example adexport.txt file uses the Distinguished Name (DN) for Duncan Donkey, a member of the Digital Actors team in the InfoDev department of DSBU at Xerox Corporation. In our example, the DN for Duncan Donkey is defined as:

    CN=Duncan Donkey, OU=Digital, OU=Actors, DC=infodev, DC=dsbu, DC=xerox, DC=com

By examining a user's Distinguished Name you can find the information necessary to identify:

a. The Directory Information Tree (DIT) Root
b. The User RDN Key
c. The Relative Authentication and Directory Service Locators
d. Bind User Attributes
e. Bind Group Attributes

A. The Directory Information Tree (DIT) Root

Set the DIT root at the level of the directory tree that will include all branches of the directory that contain users who need access to the DocuShare server. In our example, only members of the DSBU organization at Xerox will have access to our sample DocuShare server. The DSBU organization includes several departments and teams within each department. These departments and teams are organized in the LDAP Directory by Domain Components (DC) and Organizational Units (OU).

For our example we will set up an External Domain in DocuShare to authenticate users who are members of the Digital Actors Team in the InfoDev department at DSBU within Xerox Corporation. In our example, the DIT root of the DN for Duncan Donkey is shown here bolded:

    CN=Duncan Donkey, OU=Digital, OU=Actors, DC=infodev, DC=dsbu, DC=xerox, DC=com

By defining the DIT root at this level in the hierarchy, external domains can be created for each department/team within DSBU.

B. The User RDN Key

The User RDN Key is the attribute alias used to identify the User. In our example, the User RDN key of the DN for Duncan Donkey is shown here bolded:

    CN=Duncan Donkey, OU=Digital, OU=Actors, DC=infodev, DC=dsbu, DC=xerox, DC=com

C. The Relative Authentication and Directory Service Locators

The Relative Authentication and Directory Service Locators are the pointers to the directory branch of the external domain that contains a specific user, users, or group.

In our example, the Relative Authentication and Directory Service Locator is shown here bolded:

    CN=Duncan Donkey, OU=Digital, OU=Actors, DC=infodev, DC=dsbu, DC=xerox, DC=com

D. Bind User Attributes

The text file generated by the LDIFDE command contains the attribute aliases that are used to identify the last name, user name, and address of each user listed. You will use these attribute aliases to configure the DocuShare LDAP Bind User properties. In the LDIFDE command text file, users within the LDAP directory are identified with the entry objectclass: user.

In our example, you will find the LDAP attribute aliases for the following properties:

    Last Name = sn
    User Name = samaccountname
    Address = mail

In our example, the values given to these LDAP attribute aliases are:

    sn: Donkey
    samaccountname: duncan
    mail: ddonkey@infodev.xerox.com

E. Bind Group Attributes

The text file generated by the LDIFDE command contains the attribute aliases that are used to identify the title, description, and summary information of each group listed. You will use these attribute aliases to configure the DocuShare LDAP Bind Group properties. In the LDIFDE command text file, groups within the LDAP directory are identified with the entry objectclass: group.

In our example, you will find the LDAP attribute aliases for the following properties:

    Title = cn
    Description = description
    Summary = info

In our example, the values given to these LDAP attribute aliases are:

    cn: labusers
    description: InfoDev Lab Users
    summary: Authorized Login User to the InfoDev Lab
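The analysis in sections A through E can also be done programmatically. The following Python sketch is an added example, not part of the Xerox guide or of DocuShare: it parses LDIFDE output, splits DNs that contain escaped commas (as in the group's member entries), and pulls out the bind attribute values. The sample text is constructed from the records shown above, and all function names are this example's own.

```python
import base64

# Constructed sample: two records abridged from the adexport.txt listing in this
# guide. One member line is folded (LDIF continuation lines start with a space).
SAMPLE_LDIF = r"""dn: CN=Duncan Donkey,OU=Digital,OU=Actors,DC=infodev,DC=dsbu,DC=xerox,DC=com
changetype: add
cn: Duncan Donkey
mail: ddonkey@infodev.xerox.com
objectclass: user
objectsid:: AQUAAAAAAAUVAAAAqDfWZRUlr0f4n7R0bgQAAA==
samaccountname: duncan
sn: Donkey

dn: CN=labusers,CN=Users,DC=infodev,DC=dsbu,DC=xerox,DC=com
changetype: add
member: CN=Greg Wong,CN=Users,DC=infodev,DC=dsbu,DC=xerox,DC=com
member: CN=Jennings\, Ferris,CN=Users,DC=infodev,DC=dsbu,
 DC=xerox,DC=com
info: Authorized Login User to the InfoDev Lab
cn: labusers
description: InfoDev Lab Users
objectclass: group
"""

# Property-to-alias mappings as stated in sections D and E of the guide.
USER_ALIASES = {"Last Name": "sn", "User Name": "samaccountname", "Address": "mail"}
GROUP_ALIASES = {"Title": "cn", "Description": "description", "Summary": "info"}


def unfold(text):
    """Join LDIF continuation lines (leading single space) onto the previous line."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines and lines[-1]:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines


def parse_ldif(text):
    """Return one dict per record: lowercased attribute name -> list of values."""
    entries, current = [], {}
    for line in unfold(text) + [""]:          # trailing "" flushes the last record
        if not line.strip():
            if current:
                entries.append(current)
                current = {}
            continue
        if line.startswith("#") or ":" not in line:
            continue                           # comment, or a label line in the listing
        name, _, rest = line.partition(":")
        if rest.startswith(":"):               # "attr:: value" is base64 -> bytes
            value = base64.b64decode(rest[1:].strip())
        else:                                  # "attr: value" -> str
            value = rest.strip()
        current.setdefault(name.strip().lower(), []).append(value)
    return entries


def split_dn(dn):
    """Split a DN into (type, value) pairs; a backslash-escaped comma stays in the value.

    Only single-character escapes are handled; hex escapes are not decoded.
    """
    parts, buf, escaped = [], [], False
    for ch in dn:
        if escaped:
            buf.append(ch)
            escaped = False
        elif ch == "\\":
            escaped = True
        elif ch == ",":
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
    parts.append("".join(buf))
    pairs = (p.strip().partition("=") for p in parts if p.strip())
    return [(t.strip().upper(), v.strip()) for t, _, v in pairs]


def _text(value):
    """Base64-encoded values arrive as bytes; decode them for display."""
    return value.decode("utf-8", "replace") if isinstance(value, bytes) else value


def bind_attributes(entry):
    """Map a user or group record to the DocuShare bind properties named in the guide."""
    classes = {_text(v).lower() for v in entry.get("objectclass", [])}
    aliases = USER_ALIASES if "user" in classes else GROUP_ALIASES if "group" in classes else {}
    return {prop: _text(entry[a][0]) if a in entry else None for prop, a in aliases.items()}


if __name__ == "__main__":
    for record in parse_ldif(SAMPLE_LDIF):
        print(split_dn(_text(record["dn"][0])))
        print(bind_attributes(record))
```

Run against a real adexport.txt by passing the file's text to parse_ldif; records that are neither users nor groups return an empty mapping from bind_attributes.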


Novell Identity Manager AUTHORIZED DOCUMENTATION Driver for LDAP Implementation Guide Novell Identity Manager 3.6.1 December 04, 2009 www.novell.com Legal Notices Novell, Inc. makes no representations or warranties with respect

More information

White Paper. Installation and Configuration of Fabasoft Folio IMAP Service. Fabasoft Folio 2015 Update Rollup 3

White Paper. Installation and Configuration of Fabasoft Folio IMAP Service. Fabasoft Folio 2015 Update Rollup 3 White Paper Fabasoft Folio 2015 Update Rollup 3 Copyright Fabasoft R&D GmbH, Linz, Austria, 2016. All rights reserved. All hardware and software names used are registered trade names and/or registered

More information

Configuring idrac6 for Directory Services

Configuring idrac6 for Directory Services Configuring idrac6 for Directory Services Instructions for Setting Up idrac6 with Active Directory, Novell, Fedora, OpenDS and OpenLDAP Directory Services. A Dell Technical White Paper Dell Product Group

More information

Dell KACE K1000 System Management Appliance Version 5.4. Service Desk Administrator Guide

Dell KACE K1000 System Management Appliance Version 5.4. Service Desk Administrator Guide Dell KACE K1000 System Management Appliance Version 5.4 Service Desk Administrator Guide October 2012 2004-2012 Dell Inc. All rights reserved. Reproduction of these materials in any manner whatsoever without

More information

Pre-configured AS2 Host Quick-Start Guide

Pre-configured AS2 Host Quick-Start Guide Pre-configured AS2 Host Quick-Start Guide Document Version 2.2, October 19, 2004 Copyright 2004 Cleo Communications Refer to the Cleo website at http://www.cleo.com/products/lexihubs.asp for the current

More information

LDAP Server Configuration Example

LDAP Server Configuration Example ATEN Help File LDAP Server Configuration Example Introduction The KVM Over the NET switch allows log in authentication and authorization through external programs. This chapter provides an example of how

More information

VMware Identity Manager Administration

VMware Identity Manager Administration VMware Identity Manager Administration VMware Identity Manager 2.4 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new

More information

Configuration Guide. BES12 Cloud

Configuration Guide. BES12 Cloud Configuration Guide BES12 Cloud Published: 2016-04-08 SWD-20160408113328879 Contents About this guide... 6 Getting started... 7 Configuring BES12 for the first time...7 Administrator permissions you need

More information

Clearswift Information Governance

Clearswift Information Governance Clearswift Information Governance Implementing the CLEARSWIFT SECURE Encryption Portal on the CLEARSWIFT SECURE Email Gateway Version 1.10 02/09/13 Contents 1 Introduction... 3 2 How it Works... 4 3 Configuration

More information

Configuring IBM WebSphere Application Server 7 for Secure Sockets Layer and Client-Certificate Authentication on SAS 9.3 Enterprise BI Server Web

Configuring IBM WebSphere Application Server 7 for Secure Sockets Layer and Client-Certificate Authentication on SAS 9.3 Enterprise BI Server Web Configuring IBM WebSphere Application Server 7 for Secure Sockets Layer and Client-Certificate Authentication on SAS 9.3 Enterprise BI Server Web Applications Configuring IBM WebSphere 7 for SSL and Client-Certificate

More information

eprism Enterprise Tech Notes

eprism Enterprise Tech Notes eprism Enterprise Tech Notes Utilizing Microsoft Active Directory for eprism s Directory Services Context eprism can integrate with an existing LDAP (Lightweight Directory Access Protocol) directory for

More information

Password Reset Server Installation Guide Windows 8 / 8.1 Windows Server 2012 / R2

Password Reset Server Installation Guide Windows 8 / 8.1 Windows Server 2012 / R2 Password Reset Server Installation Guide Windows 8 / 8.1 Windows Server 2012 / R2 Last revised: November 12, 2014 Table of Contents Table of Contents... 2 I. Introduction... 4 A. ASP.NET Website... 4 B.

More information

Client Authenticated SSL Server Setup Guide for Microsoft Windows IIS

Client Authenticated SSL Server Setup Guide for Microsoft Windows IIS Page 1 of 20 PROTECTID Client Authenticated SSL Server Setup Guide for Microsoft Windows IIS Document: MK UM 01180405 01 ProtectIDclientAuthSSLsetupIIS.doc Page 2 of 20 Copyright 2005 Sentry Project Management

More information

800-782-3762 www.stbernard.com. Active Directory 2008 Implementation. Version 6.410

800-782-3762 www.stbernard.com. Active Directory 2008 Implementation. Version 6.410 800-782-3762 www.stbernard.com Active Directory 2008 Implementation Version 6.410 Contents 1 INTRODUCTION...2 1.1 Scope... 2 1.2 Definition of Terms... 2 2 SERVER CONFIGURATION...3 2.1 Supported Deployment

More information

StarTeam/CaliberRM LDAP QuickStart Manager 2009. Administration Guide

StarTeam/CaliberRM LDAP QuickStart Manager 2009. Administration Guide StarTeam/CaliberRM LDAP QuickStart Manager 2009 Administration Guide Borland Software Corporation 8310 N Capital of Texas Bldg 2, Ste 100 Austin, TX 78731 USA http://www.borland.com Borland Software Corporation

More information

Certificate Request Generation and Certificate Installation Instructions for IIS 5 April 14, 2006

Certificate Request Generation and Certificate Installation Instructions for IIS 5 April 14, 2006 Certificate Request Generation and Certificate Installation Instructions for IIS 5 April 14, 2006 1 1. Generating the Certificate Request In this procedure, you will use the Internet Information Services

More information

Introduction to Mobile Access Gateway Installation

Introduction to Mobile Access Gateway Installation Introduction to Mobile Access Gateway Installation This document describes the installation process for the Mobile Access Gateway (MAG), which is an enterprise integration component that provides a secure

More information

Nexio Insight LDAP Synchronization Service

Nexio Insight LDAP Synchronization Service Nexio Insight LDAP Synchronization Service 15-May-2015 Revision: Release Publication Information 2015 Imagine Communications Corp. Proprietary and Confidential. Imagine Communications considers this document

More information

LDAP Server Configuration Example

LDAP Server Configuration Example ATEN Help File LDAP Server Configuration Example Introduction KVM Over the NET switches allow log in authentication and authorization through external programs. This help file provides an example of how

More information

Configuring and Using the TMM with LDAP / Active Directory

Configuring and Using the TMM with LDAP / Active Directory Configuring and Using the TMM with LDAP / Active Lenovo ThinkServer April 27, 2012 Version 1.0 Contents Configuring and using the TMM with LDAP / Active... 3 Configuring the TMM to use LDAP... 3 Configuring

More information

FileCruiser. VA2600 SR1 Quick Configuration Guide

FileCruiser. VA2600 SR1 Quick Configuration Guide FileCruiser VA2600 SR1 Quick Configuration Guide Contents About this guide 1 Setup FileCruiser 2 Get IP address 2 Login to the Administration Portal 3 Basic configuration with Setup Wizard 4 Step 1: Configure

More information

Use Enterprise SSO as the Credential Server for Protected Sites

Use Enterprise SSO as the Credential Server for Protected Sites Webthority HOW TO Use Enterprise SSO as the Credential Server for Protected Sites This document describes how to integrate Webthority with Enterprise SSO version 8.0.2 or 8.0.3. Webthority can be configured

More information

MadCap Software. Upgrading Guide. Pulse

MadCap Software. Upgrading Guide. Pulse MadCap Software Upgrading Guide Pulse Copyright 2014 MadCap Software. All rights reserved. Information in this document is subject to change without notice. The software described in this document is furnished

More information

Tenrox. Single Sign-On (SSO) Setup Guide. January, 2012. 2012 Tenrox. All rights reserved.

Tenrox. Single Sign-On (SSO) Setup Guide. January, 2012. 2012 Tenrox. All rights reserved. Tenrox Single Sign-On (SSO) Setup Guide January, 2012 2012 Tenrox. All rights reserved. About this Guide This guide provides a high-level technical overview of the Tenrox Single Sign-On (SSO) architecture,

More information