Options Policy Group (directories)
The Options policy group provides general options used by the directory providers that let you fine-tune directory access. You can modify policy parameter values by double-clicking a policy to display the Setting Properties dialog.
Indicates whether Active Directory communications are encrypted when using the native security package. This policy specifies whether Kerberos encryption should be used when communicating with an Active Directory domain controller in Kerberos mode. Set this value to 0 (False) to leave communications unencrypted, or set it to a nonzero value to encrypt the communications.
Note: When using Windows XP or higher, NTLM encryption can also be supported.
Default: <locally managed>
Allows simple authentication if set to 1. By default, all directory access is attempted in secure modes (Windows-negotiated security, TLS or SSL). In certain circumstances, it may be desirable to allow access using plain-text authentication. To allow plain-text authentication, set this value to nonzero.
Default: <locally managed>
Indicates whether Active Directory communications are signed when using the native security package. This policy specifies whether Kerberos signing should be used when communicating with an Active Directory domain controller in Kerberos mode. Set this value to 0 to leave communications unsigned (default), or set it to a nonzero value to sign the communications.
Note: When using Windows XP or higher, NTLM signing can also be supported.
Default: <locally managed>
Indicates whether TLS/SSL certificates are used for encryption only. When connecting to a directory using TLS or SSL, the server-side certificate is usually validated to be from a trusted source; this operation is performed by the operating system or the LDAP libraries. In some circumstances it may be desirable to only require the use of TLS/SSL for encryption, and not for server-to-client authentication. Set to nonzero to bypass the verification of server-side certificates, or set to 0 to allow the operating system to validate the certificate authenticity.
Default: <locally managed>
Indicates whether recursive Active Directory group membership is enabled. Active Directory allows nesting of groups within other groups, whereas other directories usually do not. When performing group membership queries against an Active Directory implementation, this policy specifies whether the LDAP provider should recursively evaluate the group membership of child groups. Set to 0 to disable group membership recursion, or set to a nonzero value to enable recursive membership evaluation.
Default: <locally managed>
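The following added example (not CA code, and not the LDAP provider's implementation) models how the recursion setting changes the effective membership of a group, which matters wherever group membership drives an access decision. The directory contents, the group and user names, and the functions `group_members` and `is_member` are hypothetical; the sample data is constructed and deliberately contains a nesting cycle.

```python
from collections import deque

# Constructed sample data: group name -> direct members.
# A member that is itself a key in this dict is a nested (child) group.
# Contractors nests Admins again, forming a cycle the walk must survive.
DIRECTORY = {
    "Admins": ["alice", "HelpDesk"],
    "HelpDesk": ["bob", "Contractors"],
    "Contractors": ["carol", "Admins"],
}


def group_members(directory, group, recurse):
    """Return the set of users that belong to `group`.

    recurse=False models the policy set to 0: only direct user members count.
    recurse=True models a nonzero value: child groups are expanded as well.
    """
    users = set()
    visited = {group}          # groups already queued, guards against cycles
    queue = deque([group])
    while queue:
        current = queue.popleft()
        for member in directory.get(current, []):
            if member in directory:
                # Member is a child group: expand it only when recursion is on.
                if recurse and member not in visited:
                    visited.add(member)
                    queue.append(member)
            else:
                users.add(member)
    return users


def is_member(directory, user, group, recurse):
    """Membership check as an access decision would use it."""
    return user in group_members(directory, group, recurse)


if __name__ == "__main__":
    for mode in (False, True):
        print("recursion", "on " if mode else "off",
              sorted(group_members(DIRECTORY, "Admins", mode)))
```

With recursion off, only alice is treated as a member of Admins; with it on, bob and carol gain membership through the nested groups, so reviewing who can nest groups becomes part of reviewing who holds access.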
Copyright © 2013 CA.
All rights reserved.