Kaspersky SD-WAN

Managing LDAP connections

The table of LDAP connections is displayed in the Users section, on the LDAP connection tab. Information about LDAP connections is displayed in the following table columns:

  • Name is the name of the LDAP connection.
  • Type is the type of the connection. This column always displays LDAP.
  • Host is the host name of the remote server.

The actions you can perform with the table are described in the Managing solution component tables instructions.

In this section

Creating an LDAP connection

Editing an LDAP connection

Changing the password of an LDAP connection

Deleting an LDAP connection


Creating an LDAP connection

If you want LDAP users or LDAP user groups to be able to log in to the orchestrator web interface using their credentials, you must first create an LDAP connection that the orchestrator uses to connect to the remote server, and then create your LDAP users or LDAP user groups.

To create an LDAP connection:

  1. In the menu, go to the Users section.

    The user management page is displayed. The Users tab, which is selected by default, displays the table of users.

  2. Select the LDAP connection tab.

    A table of LDAP connections is displayed.

  3. Click + LDAP.
  4. In the displayed settings area, in the Name field, enter the name of the LDAP connection.
  5. In the Domain field, enter the FQDN of the domain of the remote server.
  6. In the Domain alias field, enter the alias or NETBIOS name of the domain. Users enter the alias, NETBIOS name, or FQDN of the domain when logging into the orchestrator web interface.

    For example, if the FQDN of the domain is 'example.com' and the alias is 'example', a user named 'admin' can enter the following credentials when logging into the orchestrator web interface:

    • admin@example.com
    • admin@example
    • example.com\admin
    • example\admin
  7. In the LDAP host field, enter the host name of the remote server. The following host name formats are supported:
    • ldap://<host name>:<port number> for a standard LDAP server. The default port is 389.
    • ldaps://<host name>:<port number> for an LDAP server with SSL/TLS encryption (LDAPS). The default port is 636.

    For example, if you enter ldap://example.com:100, the host name of the remote server is 'example.com' and the port number is 100.

  8. In the Base DN field, enter the base distinguished name that the orchestrator uses as the starting point for searching user accounts in the remote server directory. The following base distinguished name formats are supported:
    • To search in OpenLDAP, enter the base distinguished name in the OU=<value>,OU=<value> format, where OU is the structure of organizational units in the remote server directory. For example, if you enter OU=OU_example1,OU=OU_example2, the starting point for searching user accounts is organizational unit OU_example2, which is nested in OU_example1.
    • To search in Microsoft Active Directory, enter the base distinguished name in the DC=<value>,DC=<value> format, where the DCs are the domain components of the remote server. For example, if you enter DC=example,DC=com, the starting point for searching user accounts is the 'example.com' domain.
  9. In the Search attribute drop-down list, select the attribute that the orchestrator uses to search for user accounts in the remote server directory:
    • uid (OpenLDAP) is the UID (user ID) for searching in OpenLDAP. This is the default setting.
    • sAMAccountName (Active Directory) is the pre-Windows 2000 logon name for searching in Microsoft Active Directory.
  10. In the Bind DN field, enter the distinguished name for authenticating the orchestrator on the remote server. The following distinguished name formats are supported:
    • For authentication in OpenLDAP, enter a value in the UID=<value>,OU=<value> format, where UID is the user ID and OU is the organizational unit structure in the remote server directory where the user is located. For example, if you enter UID=user_example,OU=OU_example, user user_example from organizational unit OU_example is used for authenticating the orchestrator on the remote server.
    • For authentication in Microsoft Active Directory, enter a value in the CN=<value>,OU=<value>,DC=<value>,DC=<value> format, where CN is the common name of the user, OU is the organizational unit structure in the remote server directory that the user belongs to, and the DCs are the user's domain components. For example, if you enter CN=user_example,OU=OU_example,DC=example,DC=com, user user_example in organizational unit OU_example in the example.com domain is used for authenticating the orchestrator on the remote server.
  11. In the Bind password field, enter the remote server password for authenticating the orchestrator on the remote server. To see the entered password, you can click the show icon.
  12. To check if the remote server is available, click Test authentication.
  13. Click Create.

The LDAP connection is created and displayed in the table.
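As an added example (not code from the Kaspersky documentation), the following Python code mirrors the checks behind the settings above: it splits the LDAP host value using the default ports from step 7, maps the login formats from step 6 back to a bare user name, and builds the user search filter from the search attribute of step 9 with RFC 4515 escaping of the login name, so that whatever a user types at the login prompt cannot change the meaning of the directory search. The function names and the settings dictionary are assumptions; the domain, alias and host values are the ones used in the examples above.

```python
from typing import Optional, Tuple
from urllib.parse import urlsplit

# Default ports for the two URL schemes the LDAP host field accepts (step 7).
DEFAULT_PORTS = {"ldap": 389, "ldaps": 636}


def parse_ldap_host(url: str) -> Tuple[str, str, int]:
    """Split an 'ldap://host:port' or 'ldaps://host:port' value into its parts."""
    parts = urlsplit(url)
    if parts.scheme not in DEFAULT_PORTS or not parts.hostname:
        raise ValueError(f"unsupported LDAP host value: {url!r}")
    return parts.scheme, parts.hostname, parts.port or DEFAULT_PORTS[parts.scheme]


def parse_login(login: str, fqdn: str, alias: str) -> Optional[str]:
    """Return the bare user name if the login names the configured domain.

    Accepts user@domain and domain\\user (step 6); the domain part may be
    either the FQDN or the alias. Anything else is rejected with None."""
    domains = {fqdn.lower(), alias.lower()}
    if "@" in login:
        user, _, domain = login.rpartition("@")
    elif "\\" in login:
        domain, _, user = login.partition("\\")
    else:
        return None
    return user if user and domain.lower() in domains else None


# RFC 4515 escapes: these characters have filter syntax meaning.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}


def escape_filter_value(value: str) -> str:
    """Escape a user-supplied value so it is matched literally inside a filter."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def build_user_filter(search_attr: str, user: str) -> str:
    """Filter the orchestrator would use to locate the account (step 9)."""
    return f"({search_attr}={escape_filter_value(user)})"


# Constructed sample of the creation form, with the values from the examples above.
SAMPLE = {"Domain": "example.com", "Domain alias": "example",
          "LDAP host": "ldap://example.com:100", "Search attribute": "uid"}


def search_filter_for_login(settings: dict, login: str) -> Optional[str]:
    """Full path from a typed login to a safe search filter, or None if rejected."""
    user = parse_login(login, settings["Domain"], settings["Domain alias"])
    return None if user is None else build_user_filter(settings["Search attribute"], user)
```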


Editing an LDAP connection

To edit an LDAP connection:

  1. In the menu, go to the Users section.

    The user management page is displayed. The Users tab, which is selected by default, displays the table of users.

  2. Select the LDAP connection tab.

    A table of LDAP connections is displayed.

  3. Click the LDAP connection that you want to edit.
  4. In the displayed settings area, edit the LDAP connection settings as necessary. For a description of the settings, see the instructions for creating an LDAP connection.
  5. Click Save.

The LDAP connection is modified and updated in the table.


Changing the password of an LDAP connection

You can change the remote server password that was specified when the LDAP connection was created and make the orchestrator use the new password to authenticate with the remote server.

To change the password of an LDAP connection:

  1. In the menu, go to the Users section.

    The user management page is displayed. The Users tab, which is selected by default, displays the table of users.

  2. Select the LDAP connection tab.

    A table of LDAP connections is displayed.

  3. Click the LDAP connection for which you want to change the password.
  4. In the upper part of the displayed settings area, click the Management button → Change password.
  5. This opens a window; type the new password in the New password and Password confirmation text boxes.
  6. Click Save.

The LDAP connection password is changed.


Deleting an LDAP connection

Deleted LDAP connections cannot be restored.

To delete an LDAP connection:

  1. In the menu, go to the Users section.

    The user management page is displayed. The Users tab, which is selected by default, displays the table of users.

  2. Select the LDAP connection tab.

    A table of LDAP connections is displayed.

  3. Click the LDAP connection that you want to delete.
  4. In the upper part of the displayed settings area, click Management → Delete.
  5. In the confirmation window, click Delete.

The LDAP connection is deleted and is no longer displayed in the table.
