Gateway

To configure LDAP authentication by using the configuration utility

  1. Navigate to NetScaler Gateway > Policies > Authentication.

  2. Click LDAP.

  3. In the details pane, on the Policies tab, click Add.

  4. In Name, type a name for the policy.

  5. Next to Server, click New.

  6. In Name, type the name of the server.

  7. Under Server, in IP Address and Port, type the IP address and port number of the LDAP server.

  8. In Type, select either AD for Active Directory or NDS for Novell Directory Services.

  9. Under Connection Settings, complete the following:

    1. In Base DN (location of users), type the base DN under which users are located. The base DN search looks for users located under the selected directory (AD or NDS).

      The base DN is derived from the Bind DN by removing the user name and specifying the group where users are located. Examples of the syntax for base DN are:

      • ou=users,dc=ace,dc=com
      • cn=Users,dc=ace,dc=com

    2. In Administrator Bind DN, type the administrator bind DN for queries to the LDAP directory. Examples for the syntax of bind DN are:

      • domain/user name
      • ou=administrator,dc=ace,dc=com
      • user@domain.name (for Active Directory)
      • cn=Administrator,cn=Users,dc=ace,dc=com

      For Active Directory, the group name specified as cn=groupname is required. The group name that you define in NetScaler Gateway and the group name on the LDAP server must be identical.

      For other LDAP directories, the group name either is not required or, if necessary, is specified as ou=groupname.

      NetScaler Gateway binds to the LDAP server using the administrator credentials and then searches for the user. After locating the user, NetScaler Gateway unbinds the administrator credentials and rebinds with the user credentials.

    3. In Administrator Password and Confirm Administrator Password, type the administrator password for the LDAP server.

  10. To retrieve more LDAP settings automatically, click Retrieve Attributes.

    When you click Retrieve Attributes, the fields under Other Settings populate automatically. If you want to ignore this step, continue with Steps 12 and 13. Otherwise, skip to Step 14.

  11. Under Other Settings, in Server Logon Name Attribute, type the attribute under which NetScaler Gateway must look for user logon names for the LDAP server that you are configuring. The default is samAccountName.

  12. In Search Filter, type the value to search for the users associated with single or multiple Active Directory groups.

    For example, “memberOf=CN=GatewayAccess,OU=Groups,DC=Users,DC=lab”.

    Note

    You can use the preceding example to restrict NetScaler Gateway access only to the members of a specific AD group.

  13. In Group Attribute, leave the default memberOf for Active Directory or change the attribute to the attribute of the LDAP server type you are using. This attribute enables NetScaler Gateway to obtain the groups associated with a user during authorization.

  14. In Security Type, select the security type and then click Create.

  15. To allow users to change their LDAP password, select Allow Password Change.

    Note:

    • If you select PLAINTEXT as the security type, allowing users to change their passwords is not supported.
    • If you select PLAINTEXT or TLS for security, use port number 389. If you select SSL, use port number 636.
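
The rules stated in this procedure can be checked before a profile is applied. The following Python sketch is an added example, not part of the original documentation or of NetScaler itself; the dictionary keys are hypothetical names for the fields above, and the sample profiles are constructed from the example values on this page.

```python
import re

# Port per security type, as stated in the Note under step 15.
PORT_FOR = {"PLAINTEXT": 389, "TLS": 389, "SSL": 636}
# One attr=value component; DNs with escaped commas are out of scope here.
RDN = re.compile(r"^[A-Za-z][A-Za-z0-9-]*=[^=,]+$")


def is_dn(value):
    """True if value is a comma-separated list of attr=value components."""
    return bool(value) and all(RDN.match(r.strip()) for r in value.split(","))


def lint_ldap_profile(p):
    """Return (severity, message) findings for one profile dict (hypothetical keys)."""
    out = []
    sec = str(p.get("security_type", "")).upper()
    if sec not in PORT_FOR:
        out.append(("error", f"unknown security type {sec!r}"))
    elif p.get("port") != PORT_FOR[sec]:
        out.append(("error", f"{sec} expects port {PORT_FOR[sec]}, got {p.get('port')}"))
    if sec == "PLAINTEXT":
        out.append(("warn", "PLAINTEXT: administrator and user bind passwords are sent unencrypted"))
        if p.get("allow_password_change"):
            out.append(("error", "Allow Password Change is not supported with PLAINTEXT"))
    if not is_dn(p.get("base_dn", "")):
        out.append(("error", f"base DN is not DN syntax: {p.get('base_dn')!r}"))
    flt = p.get("search_filter", "")
    if not flt:
        # Without a filter, logon is not limited to members of a specific group.
        out.append(("warn", "no search filter: access is not restricted to a group"))
    elif flt.lower().startswith("memberof=") and not is_dn(flt.split("=", 1)[1]):
        # memberOf holds group DNs, so a bare group name never matches.
        out.append(("error", "memberOf filter must name the group's full DN"))
    return out


# Constructed sample profiles, built from the example values on this page.
GOOD = {"security_type": "SSL", "port": 636, "allow_password_change": True,
        "base_dn": "cn=Users,dc=ace,dc=com",
        "search_filter": "memberOf=CN=GatewayAccess,OU=Groups,DC=Users,DC=lab"}
BAD = dict(GOOD, security_type="PLAINTEXT", search_filter="memberOf=GatewayAccess")

if __name__ == "__main__":
    for name, profile in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, lint_ldap_profile(profile) or "no findings")
```
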