Lenovo ThinkServer TD200 User Manual

Page 40

To dynamically discover the LDAP server, select Use DNS to Find LDAP Servers.

If you choose to discover the LDAP server dynamically, the mechanisms that
are described by RFC2782 (a DNS RR for specifying the location of services)
are applied to find the server. This is known as DNS SRV. The parameters
are described in the following list:

Domain Source

The DNS SRV request that is sent to the DNS server must specify a
domain name. The LDAP client determines where to get this domain
name according to which option is selected. There are three options:

- Extract search domain from login id. The LDAP client uses the
  domain name in the login ID. For example, if the login ID is
  [email protected], the domain name is mycompany.com. If
  the domain name cannot be extracted, the DNS SRV fails, causing the
  user authentication to fail automatically.

- Use only configured search domain below. The LDAP client uses the
  domain name that is configured in the Search Domain parameter.

- Try login id first, then configured value. The LDAP client first
  attempts to extract the domain name from the login ID. If this is
  successful, this domain name is used in the DNS SRV request. If no
  domain name is present in the login ID, the LDAP client uses the
  configured Search Domain parameter as the domain name in the DNS
  SRV request. If nothing is configured, user authentication fails
  immediately.

Search Domain

This parameter can be used as the domain name in the DNS SRV request,
depending on how the Domain Source parameter is configured.

Service Name

The DNS SRV request that is sent to the DNS server must also specify a
service name. The configured value is used. If this field is left blank, the
default value is ldap. The DNS SRV request must also specify a protocol
name. The default is tcp and is not configurable.
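
The following sketch is an added example, not code from the manual or from the IMM firmware. It shows how the three Domain Source options, the Search Domain and the Service Name combine into the RFC 2782 query name (_service._proto.domain), which is useful for checking that the matching SRV record exists in DNS. The mode constants, function names, the use of the last '@' to split the login ID, and the hostname validation are assumptions.

```python
import re

# Hypothetical labels for the three Domain Source options.
FROM_LOGIN = "login"
CONFIGURED_ONLY = "configured"
LOGIN_THEN_CONFIGURED = "login-then-configured"

# Assumed validation: dot-separated labels of letters, digits and hyphens.
_LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
_DOMAIN_RE = re.compile(rf"^{_LABEL}(?:\.{_LABEL})*$")


class DiscoveryError(Exception):
    """No usable domain for the SRV request: user authentication fails."""


def domain_from_login(login_id):
    """Return the part after the last '@', or None if no usable domain is present."""
    _, sep, domain = login_id.rpartition("@")
    domain = domain.strip().rstrip(".").lower()
    if not sep or not _DOMAIN_RE.match(domain):
        return None
    return domain


def srv_query_name(login_id, mode, search_domain="", service_name=""):
    """Build the DNS SRV owner name that would be queried for this login."""
    configured = search_domain.strip().rstrip(".").lower() or None
    if mode == FROM_LOGIN:
        domain = domain_from_login(login_id)
    elif mode == CONFIGURED_ONLY:
        domain = configured
    elif mode == LOGIN_THEN_CONFIGURED:
        domain = domain_from_login(login_id) or configured
    else:
        raise ValueError(f"unknown Domain Source mode: {mode!r}")
    if domain is None:
        raise DiscoveryError("no domain for DNS SRV request; authentication fails")
    service = service_name.strip() or "ldap"  # blank field -> default "ldap"
    return f"_{service}._tcp.{domain}"        # protocol is always tcp


if __name__ == "__main__":
    # Constructed sample inputs.
    print(srv_query_name("jsmith@mycompany.com", FROM_LOGIN))
    print(srv_query_name("jsmith", LOGIN_THEN_CONFIGURED, search_domain="mycompany.com"))
```
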

To use a preconfigured LDAP server, select Use Pre-Configured LDAP Server.

Note:

The port number for each server is optional. If the field is left blank,
the default value of 389 is used for nonsecured LDAP connections. For
secured connections, the default is 636. You must configure at least
one LDAP server.

You can configure the following parameters:

Root DN

This is the distinguished name (DN) of the root entry of the directory tree
on the LDAP server (for example, dc=mycompany,dc=com). This DN is
used as the base object for all searches.

UID Search Attribute

When the selected binding method is Anonymously or w/ Configured
Credentials, the initial bind to the LDAP server is followed by a search
request that is aimed at retrieving specific information about the user,
including the user’s DN, login permissions, and group membership. This
search request must specify the attribute name that is used to represent
user IDs on that server. This attribute name is configured here.

Integrated Management Module: User Guide
