Set Up LDAP Authentication on Director

Article ID: 166897

Products

Director

Issue/Introduction

How do I set up LDAP (Active Directory) authentication on Director?

Resolution

Note: You must be logged in as a privilege 15 user, such as the default admin user, on the Symantec Director to perform the following tasks:

  1. Launch the Director Management Console (DMC) by entering the following URL into a Web browser: https://<IP_Address>:8082.
  2. Select File > LDAP Configuration. The LDAP configuration screen displays.
  3. Select the LDAP protocol version. The default is v3.
  4. Configure the LDAP server settings: AD server IP address/hostname, port number, Base DN, Bind Username and Bind Password. Use a dedicated bind account that has read-only directory access rather than a privileged administrator account, since its password is stored on the appliance.
  5. Enter the email address for an administrative user (privilege 15 access) or, preferably, a group/distribution list of Director administrators. The email address is only required if you do not wish to grant privilege 15 access to every newly added LDAP user. Director sends a notification to this address when a new user attempts to log in; on receiving it, the administrator must enable the username and assign a role for the new user. A new user cannot log in to the appliance until the account is enabled. Make sure the SMTP email server settings are configured as well.
  6. Click Apply and Test Configuration to validate your LDAP configuration.
  7. Configure the LDAP server as the default authentication repository. Keep local in the method list so the built-in admin account remains usable as a fallback if the LDAP server is unreachable.
    1. director(config)# aaa authentication login default LDAP local
    2. director(config)# write memory
  8. Enable and authorize access for each AD user on the Director (the privilege value is 1, 7 or 15):
  • (config)# ldap-server username <username> userprincipalname <userprincipalname>
  • (config)# ldap-server username <username> userprincipalname <userprincipalname> enable
  • (config)# ldap-server username <username> userprincipalname <userprincipalname> privilege {1 | 7 | 15}
  • (config)# write memory

For example:

  • (config)# ldap-server username mount.everest userprincipalname [email protected]
  • (config)# ldap-server username mount.everest userprincipalname [email protected] enable
  • (config)# ldap-server username mount.everest userprincipalname [email protected] privilege 15
  • (config)# write memory
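When several AD users have to be enabled, the four-command sequence in step 8 is easy to mistype. The following helper is an added example, not part of this article or of the Director product: it reads a constructed username,userPrincipalName,privilege list, rejects rows whose UPN is malformed or whose privilege is not 1, 7 or 15, and emits the exact ldap-server lines from step 8 followed by a single write memory, ready to paste into config mode. The user names and the example.com domain are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not from the article): generate Director "ldap-server" config
# lines for a batch of AD users, validating each row before it reaches the appliance.
#
# Input format on stdin (constructed; one user per line, '#' lines ignored):
#   username,userPrincipalName,privilege
# Pipe Windows-style files through "tr -d '\r'" first.

# validate_row USERNAME UPN PRIVILEGE
# Returns 0 when the row is acceptable, 1 otherwise (reason on stderr).
validate_row() {
    user=$1; upn=$2; priv=$3
    case "$user" in
        ''|*[!A-Za-z0-9._-]*) echo "rejected: bad username '$user'" >&2; return 1 ;;
    esac
    case "$upn" in
        ''|*' '*|*@*@*) echo "rejected: bad UPN '$upn'" >&2; return 1 ;;   # empty, spaces, two '@'
        ?*@?*.?*) ;;                                                      # user@domain.tld
        *) echo "rejected: bad UPN '$upn'" >&2; return 1 ;;
    esac
    case "$priv" in
        1|7|15) ;;                                                       # the only levels Director accepts
        *) echo "rejected: privilege '$priv' for $user must be 1, 7 or 15" >&2; return 1 ;;
    esac
    return 0
}

# gen_director_ldap_users < csv
# Prints the step-8 command block for every valid row, then one "write memory".
# Exit status is 1 if any row was rejected, so a caller can refuse to paste it.
gen_director_ldap_users() {
    bad=0
    while IFS=, read -r user upn priv; do
        case "$user" in ''|'#'*) continue ;; esac      # skip blank and comment lines
        if validate_row "$user" "$upn" "$priv"; then
            printf 'ldap-server username %s userprincipalname %s\n' "$user" "$upn"
            printf 'ldap-server username %s userprincipalname %s enable\n' "$user" "$upn"
            printf 'ldap-server username %s userprincipalname %s privilege %s\n' "$user" "$upn" "$priv"
        else
            bad=1
        fi
    done
    printf 'write memory\n'
    return $bad
}

# Constructed sample input; the accounts and domain are placeholders, not real.
SAMPLE_USERS='# username,userPrincipalName,privilege
mount.everest,mount.everest@example.com,15
k2.peak,k2.peak@example.com,7
typo.user,typo.user-at-example.com,15
'

# Stand-alone run: the third row is rejected, so the block is printed but the
# non-zero status warns the operator not to paste it unchecked.
printf '%s' "$SAMPLE_USERS" | gen_director_ldap_users ||
    echo "one or more rows were rejected; fix them before pasting into (config)#" >&2
```

The script only generates the commands; paste its output at the (config)# prompt or feed it through whatever console automation you already use, and confirm afterwards with the notification email and a test login from one of the enabled accounts.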