

Specify Directory Server Details

Use the Server Details wizard page to specify the name of the directory server holding the directory you are adding and the port number to which you are connecting.

Note: For external directories that use Secure Sockets Layer (SSL), the certificate that the Lightweight Directory Access Protocol (LDAP) server uses must be valid and certifiable through the Microsoft Windows certificate authority chain. Previous versions of Windows gave the LDAP developer the opportunity to verify certificates; however, Windows 2003 SSL enforces this for you.

Follow these steps:

  1. Enter the name of the server supporting the directory in the Server Name field.
  2. Enter the directory service's port number in the Port field.

    The directory client always attempts to create a secure encrypted connection to the directory using the port specified here. Some directories support port 389 for secure and insecure communications. Some directories also support port 636 as a secure-only channel. Your directory administrator can tell you which port to use.

    On the specified port, a secure channel is used if one is available; otherwise, if the port allows insecure communication, the insecure channel is used. (If insecure communication is not acceptable, the directory import is rejected with a corresponding error message when you click Finish.)

    Note: Common configuration policies for directories—in particular, the Enable LDAP simple authentication policy—can have an impact on whether authentication can take place over an insecure communication channel.

  3. Click Next to go to the Directory Binding page.

Note: If, after adding an LDAP directory, the specified access port is changed, the original security authority is not removed correctly and the security authority list may contain an invalid security authority. This has no functional impact on CA ITCM, but the original security authority is listed as valid in security dialogs. Removing the extraneous security authority requires a tool from Technical Support. Contact your support representative and request the cfspsetpass utility.
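
The following PowerShell check is an added example, not part of the product or its documentation. It tests whether a directory server's SSL port presents a certificate that validates through the Windows certificate chain, as the note at the top of this section requires, before you enter the server name and port in the wizard. The function name, its parameters, and the host name dc01.example.com are assumptions made for illustration.

```powershell
# Added example: function name, defaults and the sample host are assumptions.
function Test-LdapsCertificate {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$Server,   # value planned for the Server Name field
        [int]$Port = 636,                        # value planned for the Port field
        [int]$TimeoutMs = 5000
    )
    $report = [ordered]@{
        Server = $Server; Port = $Port; Reachable = $false; Trusted = $false
        Protocol = $null; Subject = $null; Issuer = $null; NotAfter = $null; Error = $null
    }
    $client = New-Object System.Net.Sockets.TcpClient
    $ssl = $null
    try {
        if (-not $client.ConnectAsync($Server, $Port).Wait($TimeoutMs)) {
            throw "TCP connection to ${Server}:$Port timed out"
        }
        $report.Reachable = $true
        # With no validation callback, SslStream applies the default Windows policy:
        # the chain must build to a trusted root and the name must match $Server.
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false)
        $ssl.AuthenticateAsClient($Server)
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
        $report.Trusted  = $true
        $report.Protocol = $ssl.SslProtocol
        $report.Subject  = $cert.Subject
        $report.Issuer   = $cert.Issuer
        $report.NotAfter = $cert.NotAfter
    }
    catch {
        # Covers refused connections, listeners that do not speak TLS,
        # and certificates rejected by chain or name validation.
        $report.Error = $_.Exception.GetBaseException().Message
    }
    finally {
        if ($ssl) { $ssl.Dispose() }
        $client.Close()
    }
    [pscustomobject]$report
}

# Hypothetical host name; replace with the server you plan to add.
Test-LdapsCertificate -Server 'dc01.example.com' -Port 636
```

Trusted = False with Reachable = True means the TLS handshake or the certificate validation failed; the Error field carries the reason. The check starts TLS immediately on connect, so a failure on port 389 shows only that the port does not begin with a TLS handshake, not that it lacks a secure channel.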

Specify Directory Binding Information

Use the Directory Binding wizard page to specify whether you want to access the directory anonymously or with user credentials.

Follow these steps:

  1. (Optional) Select the Use Anonymous Binding option. By default, this option is not selected (False).

    Note: If selected, you may have limited or no access to the directory.

  2. Enter the user name and password in the appropriate fields.
  3. (Optional) Select the Use Secure Protocol (LDAPS) option. If you select this option, the secure LDAPS protocol is used instead of LDAP. However, ensure that LDAPS is supported by the directory you are configuring.

    Note: This field appears only if you are configuring an Active Directory or LDAP directory.

  4. Click Next to go to the Base Directory Node page.

Specify the Base Directory Node Details

Use the Base Directory Node wizard page to specify the root node from which directory browsing starts.

Follow these steps:

  1. In the Base Directory Node field, enter the Distinguished Name (DN) of the root object for browsing the current directory.

    Note: Use the lowest possible Base DN in the directory hierarchy so that searches are more efficient. Your directory administrator can tell you the best value to use.

  2. Click Next to go to the Choose Schema Mapping page.

Choose Schema Mapping Attributes

Use the Choose Schema Mapping wizard page to specify the schema mapping for your directory. You can either select a predefined, common schema map or define one of your own.

Follow these steps:

  1. (Optional) Select the Define New Mapping option if you want to use your own schema mapping.

    This option lets you define a mapping of the attribute names associated with data objects (such as users, computers, and groups) in your external directory to those attribute names used by corresponding DSM objects.

  2. Select a predefined schema map using one of the Schema Maps options. Valid options are Active Directory, eTrust Directory, and NDS Directory.

    Default: Active Directory

  3. Click Next to go to the Refine/Define Schema Mapping page.