Select LDAP as the authentication mechanism. The LDAP Authentication Management screen appears, and displays a list of LDAP authentication mechanisms.
You can do one of the following:
- To edit an LDAP mechanism, click the LDAP Server Alias name.
- To add an LDAP mechanism, click Add LDAP Authentication Mechanism.
The Add/Update LDAP Authentication Mechanisms screen appears.
Enter or edit the following fields:
- Server Alias – Identifies this server in the Web interface.
- Server Name/IP – Hostname or IP address of your LDAP or Active Directory server.
- Server Type – Indicate whether this is a Novell eDirectory server. Select Novell eDirectory only if using single sign-on. Note: To add replicas, select the server from the LDAP Authentication Management list, then click Edit to edit the replica entry.
- LDAP Port – The port for your LDAP or Active Directory server. Default: 389
- LDAP Encryption – Select one of the encryption methods: None, TLS (Transport Layer Security), SSL
- Bind DN (Username) – Distinguished Name (DN) of a user in your directory that has Read access to all the users you want to import into the Barracuda Web Security Service Connector. Example: for Novell eDirectory: cn=admin
- Bind Password – Password for the user specified in the Bind DN field, above.
- LDAP Search Base – Base DN for your directory. Example: If your domain is test.com, your Base DN might be dc=test,dc=com
- UID Attribute – Attribute containing the username. Examples: for Open LDAP: cn; for Active Directory: sAMAccountName; for Novell eDirectory: cn
If needed, select Advanced Options, and then enter or edit the following fields, which may be needed to properly associate users with groups and vice versa.
- Additional Filter – The filter to apply to LDAP searches.
- Member Groups Attribute – Contains a member's groups. Recommended for Active Directory: memberOf; Recommended for Novell eDirectory: groupMembership.
- Group Members Attribute – Contains a group's members. Recommended for Active Directory: member
Be sure to click Submit, then Save Changes. When prompted to sync the Barracuda Web Security Service Connector, click Sync.
To configure eDirectory replicas, add an additional LDAP server for each replica. While multiple LDAP servers can be configured, they must be for the same Domain, as the Barracuda Web Security Service Connector does not support multiple Domains. All usernames and groups are treated as a single domain. As a result, usernames and groups should be unique across all domains. Multiple LDAP servers from different Domains are not supported, and if configured, the behavior is unknown.
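
A pre-flight check for the values entered in the fields above, as an added example (not Barracuda's code). It derives the search base from a domain, flags encryption and port choices that expose the bind password, and builds an escaped user filter. The function names, sample values, the standard ports 389/636, and the assumption that UID Attribute and Additional Filter are ANDed together are illustrative; this page does not document the connector's actual query.

```python
import re

# Simplified RDN shape (attr=value); escaped commas inside values are not handled.
RDN = re.compile(r"^[A-Za-z][A-Za-z0-9-]*=.+$")


def base_dn_from_domain(domain):
    """test.com -> dc=test,dc=com, the mapping shown for LDAP Search Base."""
    return ",".join("dc=" + label for label in domain.strip(".").split("."))


def escape_filter_value(value):
    """Escape RFC 4515 special characters so a username cannot alter the filter."""
    table = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}
    return "".join(table.get(ch, ch) for ch in value)


def user_filter(uid_attr, username, additional_filter=""):
    """AND the UID Attribute match with the Additional Filter (assumed behaviour)."""
    clause = "(%s=%s)" % (uid_attr, escape_filter_value(username))
    if not additional_filter:
        return clause
    if not additional_filter.startswith("("):
        additional_filter = "(%s)" % additional_filter
    return "(&%s%s)" % (clause, additional_filter)


def review(cfg):
    """Return findings for one mechanism's settings; an empty list means none."""
    findings = []
    enc, port = cfg["encryption"], cfg["port"]
    if enc == "None":
        findings.append("bind password and directory data cross the network unencrypted")
    if enc == "SSL" and port == 389:
        findings.append("SSL selected on port 389; LDAPS normally listens on 636")
    if enc != "SSL" and port == 636:
        findings.append("port 636 normally expects SSL")
    for field in ("bind_dn", "search_base"):
        if not all(RDN.match(part.strip()) for part in cfg[field].split(",")):
            findings.append(field + " is not a well-formed DN")
    return findings


# Constructed sample values modelled on the field examples above.
SAMPLE = {"encryption": "None", "port": 389,
          "bind_dn": "cn=svc-reader,dc=test,dc=com",
          "search_base": base_dn_from_domain("test.com")}
if __name__ == "__main__":
    print(review(SAMPLE), user_filter("sAMAccountName", "j*doe", "objectClass=person"))
```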