

External LDAP Directory Worksheet

Before you reference an external LDAP directory, gather the following configuration information:

| Required information | Value | Comments |
|---|---|---|
| Type | | Note the type of directory you are using. CA User Activity Reporting Module supports several different directories, including Microsoft Active Directory and Sun ONE Directory. Refer to the user interface for a complete list of supported directories. |
| Host | | Record the host name of the server for the external user store or directory. |
| Port | | Record the port number on which the external user store or directory server listens. Port 389 is the well-known port for LDAP (Lightweight Directory Access Protocol). If your registry server does not use port 389, record the correct port number. |
| Base DN | | Record the LDAP distinguished name (DN) that is used as the base. The DN is a unique identifier for an entry in an LDAP directory tree structure. No spaces are allowed in the Base DN. Only global users and groups discovered underneath this DN are mapped and can be assigned a CA User Activity Reporting Module application group or role. |
| Password | | Enter and confirm the password for the user listed in the User DN row. |
| User DN | | Enter the valid user credentials for any valid user in the user registry whose user record is searchable. Enter the complete distinguished name (DN) of the user. You can log in with any user ID that has an administrative role. The User DN and associated password are the credentials used to attach to the external directory host. |
| Use Transport Layer Security (TLS) | | Specifies whether your user store is to use the TLS framework to protect plain text transmissions. When selected, TLS is used when making the LDAP connection to the external directory. |
| Include Unmapped Attributes | | Specifies whether to include fields that are not synchronized from the LDAP directory. External attributes that are not mapped can be used for searching and as filters. |
| Cache Global Users | | Specifies whether to store global users in memory for quick access. Selection allows for faster lookups at the cost of scalability. For a small test environment, selection is recommended. |
| Cache Update Time | | If you selected Cache Global Users, specify the frequency, in minutes, for updating the cached global groups and users to include new and changed records. |
| Retrieve Exchange Groups as Global User Groups | | If the type of external directory is Microsoft Active Directory, this option specifies that you want to create global groups from Microsoft Exchange group information. If selected, you can write policies against members of distribution lists. |
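
A pre-flight check of a completed worksheet, written as an added example (it is not part of the CA documentation or the product). The dictionary keys, the sample values, and the simplified DN pattern are assumptions made for illustration.

```python
import re

# One DN component such as "dc=example"; simplified, not a full RFC 4514 parser
# (escaped commas inside values are not handled).
RDN = re.compile(r"^[A-Za-z][A-Za-z0-9-]*=[^,=]+$")

def is_dn(value):
    """True if every comma-separated component looks like attr=value."""
    return bool(value) and all(RDN.match(p.strip()) for p in value.split(","))

def check_worksheet(ws):
    """Return findings for one filled-in worksheet (dict with hypothetical keys)."""
    findings = []
    host = ws.get("host", "")
    if not host or "://" in host or " " in host:
        findings.append("Host: record a bare host name, without scheme or spaces")
    port = ws.get("port")
    if not isinstance(port, int) or not 1 <= port <= 65535:
        findings.append("Port: must be 1-65535 (389 is the well-known LDAP port)")
    base_dn = ws.get("base_dn", "")
    if " " in base_dn:
        findings.append("Base DN: no spaces are allowed")
    elif not is_dn(base_dn):
        findings.append("Base DN: not a distinguished name")
    if not is_dn(ws.get("user_dn", "")):
        findings.append("User DN: enter the complete distinguished name")
    if not ws.get("password"):
        findings.append("Password: missing for the User DN")
    if not ws.get("use_tls"):
        findings.append("TLS: not selected, so the User DN password is sent without TLS protection")
    if ws.get("cache_global_users"):
        minutes = ws.get("cache_update_minutes")
        if not isinstance(minutes, int) or minutes < 1:
            findings.append("Cache Update Time: specify minutes when caching is selected")
    if ws.get("retrieve_exchange_groups") and ws.get("type") != "Microsoft Active Directory":
        findings.append("Exchange groups: option applies only to Microsoft Active Directory")
    return findings

# Constructed sample values, not taken from any real deployment.
SAMPLE = {
    "type": "Sun ONE Directory", "host": "ldap.example.test", "port": 389,
    "base_dn": "ou=People, dc=example,dc=test", "password": "placeholder",
    "user_dn": "cn=Report Reader,ou=Services,dc=example,dc=test",
    "use_tls": False, "cache_global_users": True, "cache_update_minutes": 0,
    "retrieve_exchange_groups": True,
}

if __name__ == "__main__":
    print("\n".join(check_worksheet(SAMPLE)))
```
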

More information:

Reference an LDAP Directory