Configure Active Directory Connections
You can configure a user directory connection that lets the Policy Server communicate with an Active Directory user store.
To configure the user directory connection
- Click Infrastructure, Directory.
- Click User Directory, Create User Directory.
The Create User Directory pane opens.
Note: Click Help for descriptions of settings and controls, including their respective requirements and limits.
- Select either AD or LDAP from the Namespace list on the Directory Setup group box.
LDAP settings open.
Note: Because Microsoft Active Directory is an LDAP-compliant user directory, you can configure an Active Directory connection using the AD namespace or the LDAP namespace.
- Complete the remaining required connection information on the General and Directory Setup group boxes.
Note: Consider the following:
- For more information about an authenticated user's security context, see How a Windows User Security Context is Obtained.
- If you plan to use an SSL connection from the Policy Server to an Active Directory namespace, you must specify the FQDN and port number in the Server field on the Directory Setup group box. When the FQDN is not specified, an error is logged that states the user directory cannot be contacted. A Windows Event is also logged that reports the certificate does not match the server name.
Note: If the Policy Server is operating in FIPS mode and the directory connection is to use a secure SSL connection when communicating with the Policy Server, the certificates used by the Policy Server and the directory store must be FIPS compliant.
- (Optional) Click Configure on the Directory Setup group box to configure load balancing and failover.
Note: For more information about load balancing and failover, see LDAP Load Balancing and Failover.
- Select Require Credentials on the Administrator Credentials group box, and type the username and password of the administrator's account in the fields on the group box.
Note: When configuring a user directory in the Active Directory (AD) namespace, you must specify the fully qualified domain name (FQDN) of the administrator in the Username field. Otherwise, user authentication can fail.
- Type the LDAP Search and LDAP User DN Lookup settings in the fields on the LDAP Settings group box.
- (Optional) Specify the user directory profile attributes that are reserved for SiteMinder's use in the fields on the User Attributes group box.
- (Optional) Click Create on the Attribute Mapping List group box.
The Create Attribute Mapping pane opens.
- Click Submit.
The Create User Directory task is submitted for processing.
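A pre-check for the SSL requirement in the note above, as an added example that is not part of the original guide or the product: it tests whether a value intended for the Server field is an FQDN with a port number, and whether that name matches a dNSName in the directory server's certificate. The `host:port` layout of the field, the function names, and the sample host names and certificate data are assumptions constructed for illustration.

```python
import ipaddress

def dns_names(cert):
    """dNSName entries from a dict shaped like ssl.SSLSocket.getpeercert()."""
    return [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]

def name_matches(host, pattern):
    """RFC 6125-style match: '*' may stand only for the whole left-most label."""
    h = host.lower().rstrip(".").split(".")
    p = pattern.lower().rstrip(".").split(".")
    if len(h) != len(p):
        return False
    if p[0] == "*":
        return len(p) > 2 and h[1:] == p[1:]
    return h == p

def check_server_field(server, cert):
    """Return the problems found in a Server value (assumed host:port)."""
    host, sep, port = server.strip().rpartition(":")
    if not sep or not port.isdigit() or not 0 < int(port) < 65536:
        return ["no valid port number: expected host:port"]
    problems = []
    try:
        ipaddress.ip_address(host)
        problems.append("host is an IP address, not an FQDN")
    except ValueError:
        if "." not in host.rstrip("."):
            problems.append("host is a short name, not an FQDN")
    # A name the certificate does not carry produces the mismatch the note describes.
    if not any(name_matches(host, n) for n in dns_names(cert)):
        problems.append("host does not match any certificate dNSName")
    return problems

# Constructed certificate data for a hypothetical domain controller.
SAMPLE_CERT = {"subjectAltName": (("DNS", "dc01.corp.example.com"),)}

if __name__ == "__main__":
    for value in ("dc01.corp.example.com:636", "dc01:636",
                  "10.0.0.5:636", "dc01.corp.example.com"):
        print(value, "->", check_server_field(value, SAMPLE_CERT) or "OK")
```
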
More information:
LDAP Load Balancing and Failover
Directory Attributes Overview
Define an Attribute Mapping
How to Configure an LDAP User Directory Connection over SSL
Copyright © 2012 CA.
All rights reserved.