eDirectory

Novell eDirectory is an X.500 compatible directory service for centrally managing access to resources on multiple servers and computers within a given network. eDirectory is a hierarchical, object-oriented database that represents all the assets in an organization in a logical tree. Those assets can include people, servers, workstations, applications, printers, services, groups, and so on.

To configure eDirectory authentication, proceed as follows:

  1. On the Servers tab, click New Authentication Server.

    The dialog box Add Authentication Server opens.

  2. Specify the following settings:

    Backend: Select eDirectory as backend directory service.

    Position: Select a position for the backend server. Backend servers with lower numbers will be queried first. For better performance, make sure that the backend server that is likely to get the most requests is on top of the list.

    Server: Select or add an eDirectory server. For how to add a network definition, see Definitions & Users > Network Definitions > Network Definitions.

    SSL: Select this option to enable SSLClosed Secure Sockets Layer data transfer. The Port will then change from 389 (LDAPClosed Lightweight Directory Access Protocol) to 636 (ldaps = LDAP over SSL).

    Port: Enter the port of the eDirectory server. By default, this is port 389.

    Bind DN: The Distinguished Name (DN) of the user to bind to the server with. This user is needed if anonymous queries to the eDirectory server are not allowed. Note that the user must have sufficient privileges to obtain all relevant user object information from the eDirectory server in order to authenticate users. eDirectory users, groups, and containers can be specified by the full distinguished name in LDAP notation, using commas as delimiters (e.g., CN=administrator,DC=intranet,DC=example,DC=com).

    Password: Enter the password of the bind user.

    Test server settings: Pressing the Test button performs a bind test with the configured server. This verifies that the settings on this tab are correct, and the server is up and accepts connections.

    Base DN: The starting point relative to the root of the LDAP tree where the users are included who are to be authenticated. Note that the base DN must be specified by the full distinguished name (FDN) in LDAP notation, using commas as delimiters (e.g., O=Example,OU=RnD). Base DN may be empty. In this case, the base DN is automatically retrieved from the directory.

    Username: Enter the username of a test user to perform a regular authentication.

    Password: Enter the password of the test user.

    Authenticate example user: Click the Test button to start the authentication test for the test user. This verifies that all server settings are correct, the server is up and accepting connections, and users can be successfully authenticated.

  3. Optionally, make the following advanced settings:

    Authentication timeout (sec): Enter the timeout for the communication with the server to support higher latency scenarios if you use third party authentication solutions.

  4. Click Save.

    The server will be displayed in the Servers list.

Groups: eDirectory Browser of Sophos UTM