06 – How do I set up the LDAP authentication service?

Answer

To add an LDAP external authentication service:

1. Click the Users tab.

2. Click Authentication Services in the top navigation bar. The User Authentication Services window will open.

3. Click Add. The Add Authentication Service Wizard will appear.

4. The Provide Authentication Service Name and Type window will open.

a. Type a name for the external authentication service.

b. Select LDAP from the Type menu.

c. Click Next.

5. The Specify LDAP Connection Settings window will open.

a. Type the address of the LDAP host in dot notation format (xxx.xxx.xxx.xxx) or type the DNS host name in the Host Address field.

b. Type the number of the port for connecting to the LDAP host in the Port Number field.

c. Specify an SSL encryption mode:

• Click Do Not Use SSL to have authentication performed using unencrypted clear text instead of SSL encryption. This method is the least secure and automatically sets the Port Number field to a default port number of 389.

• Click Use SSL in Trust All Mode to use SSL encryption for data transmission. All server certificates will be trusted and automatically accepted by the DSView 3 software for transmitting data. This SSL method provides medium security and automatically sets the Port Number field to a default port number of 636. This encryption mode is not recommended for wide area networks (WANs).

• Click Use SSL in Certificate-based Trust Mode to use SSL encryption for data transmission. The DSView 3 software will approve the server and then the certificate before transmitting data. This SSL method provides maximum security and automatically sets the Port Number field to a default port number of 636.

d. Click Enable Chasing of Referrals if you wish to allow the LDAP server to refer DSView 3 software clients to additional directory servers.

e. Click Next.

If you selected Use SSL in Certificate-based Trust Mode, go to step 6.

If you selected Do Not Use SSL or Use SSL in Trust All Mode, go to step 10.

6. The DSView 3 server will try to find a server that has a trusted certificate chain. If no trusted certificate chain is found, then the Accept Certificate window will open and list all servers that belong to the domain. It will also list the reasons for rejection of the certificate chain.

7. Click Next to accept the certificate.

8. The Specify LDAP User Schema window will open.

a. Type the Base distinguished name (DN) from which to begin searches. This is a required field unless the Directory Service has been configured to allow anonymous search. Each Search DN value must be separated by a comma.

b. Type the key attribute. The default value is common name (cn).

c. Type the object class. The default value is person.

d. Type the full name attribute. The default value is surname (sn).

e. Click Next.

9. The Specify LDAP Group Schema window will open.

a. Type the Base distinguished name (DN) from which to begin searches. This is a required field unless the Directory Service has been configured to allow anonymous search. Each Search DN value must be separated by a comma.

b. Type the object class. The default value is group.

c. Type the member attribute. The default value is member.

d. Type the username member attribute (only the username, not the full LDAP object DN). The user’s group membership will be located using this attribute in addition to the member attribute. This attribute is primarily used with NIS-like schemas.

e. Click Next.

10. The Select Browsing Method window will open.

Click Browse Anonymously to browse users on the external LDAP authentication server.

-or-

Click Browse with user credentials to browse users on the external LDAP authentication server based on credentials configured on the server. If this option is selected, do the following:

a. Type a login ID in the User Name field, in one of two forms: a fully qualified distinguished name or the username of an account in the base user DN.

b. Type the password for the LDAP user account in the Password field.

c. Click Next.

11. The Establish Connection with Authentication Service window will open briefly. If the external authentication service is added successfully, the Completed Successful window will open.

12. Click Finish. The User Authentication Services window will open with the new service listed.
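
The following Python sketch is an added example, not Avocent code and not part of the original FAQ. It maps the three SSL modes from step 5c to equivalent settings in Python's ssl module and probes an LDAP host before the wizard is run, showing that Trust All mode encrypts the session without authenticating the server, while certificate-based mode reports why a chain was rejected (the kind of reason step 6 lists). The mode names `none`, `trust_all` and `cert_trust`, the helper names and the host `ldap.example.internal` are assumptions made for illustration.

```python
import socket
import ssl

# Default ports the wizard sets for each mode (from step 5c).
DEFAULT_PORT = {"none": 389, "trust_all": 636, "cert_trust": 636}

def tls_context(mode, ca_file=None):
    """Return the ssl.SSLContext matching a wizard mode, or None for clear text."""
    if mode not in DEFAULT_PORT:
        raise ValueError(f"unknown mode: {mode}")
    if mode == "none":
        return None
    # Default context verifies the certificate chain and the host name.
    ctx = ssl.create_default_context(cafile=ca_file)
    if mode == "trust_all":
        # Encrypts traffic but accepts any certificate: the server is not authenticated.
        ctx.check_hostname = False  # must be cleared before verify_mode is relaxed
        ctx.verify_mode = ssl.CERT_NONE
    return ctx

def probe(host, mode, port=None, ca_file=None, timeout=5.0):
    """Connect the way the chosen mode would and return (ok, detail)."""
    ctx = tls_context(mode, ca_file)
    port = port or DEFAULT_PORT[mode]
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            if ctx is None:
                return True, "TCP connect only; LDAP binds would be sent unencrypted"
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                verified = ctx.verify_mode == ssl.CERT_REQUIRED
                return True, f"{tls.version()} handshake ok, certificate verified: {verified}"
    except ssl.SSLCertVerificationError as exc:
        # Raised only when verification is on, i.e. in cert_trust mode.
        return False, f"certificate rejected: {exc.verify_message}"
    except OSError as exc:
        return False, f"connection failed: {exc}"

if __name__ == "__main__":
    host = "ldap.example.internal"  # placeholder host, replace with your LDAP server
    for mode in ("cert_trust", "trust_all"):
        print(mode, probe(host, mode))
```

If `cert_trust` fails while `trust_all` succeeds against the same host, the server's certificate chain or host name is the problem; pass the issuing CA as `ca_file` rather than falling back to Trust All mode.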