Menu

Add a directory connector

Add a directory connector to extract required client’s information on the directory server.

To add a directory connector, complete the following steps:

1. Navigate to Advanced > Directory Integration > Directory Service.

2. On the “Directory Service” page, click Add.

3. On the “Add Directory Service” page, enter the following information:

  • Service ID: Enter a Service ID of up to 50 characters containing letters, numbers, and special characters (only dashes and underscores are allowed).
  • Service Name: Enter a Service name to distinguish it from other directory connectors.
  • Status: Select the status of the directory connector to use. The default value is Activated.
  • Pool Name: Select the pool (directory server) that you have already created for directory servers in the Admin Portal. To view the detailed information for each registered pool, navigate to Advanced > Directory Integration > Directory Pool.
  • Service Type: Select one of the following service type to perform user authentication or user searches on the directory server integrated with Knox Manage.
Classification Service type Description

Authentication

Authentication

Makes Authentication requests to a client’s directory server.

NOTE— The filter and output fields are automatically entered in accordance with the directory server type.

User-defined authentication

Makes Authentication requests to a client’s directory server.

NOTE— The filter and output fields must be entered manually in accordance with your desired settings.

Search

User Search

Searches for user information only.

NOTE— The filter and output fields are automatically entered in accordance with the directory server type.

Organization Search

Searches for organization information only.

NOTE— The filter and output fields are automatically entered in accordance with the directory server type.

User-defined search

Searches for desired user information using the filter values entered manually. This information can also be sent to devices.

Profile Configuration (User information)

Searches for user information using the filter set for the directory connector. To use this type, the policy of the user information input method must be selected as Connector interworking. For more information on configuring policies, see Configuring policies by device platform.

Profile Configuration (Certificate information)

Authenticates for a user using the filter set for the directory connector. To use this type, the policy of the user certificate information input method must be selected as Connector interworking. For more information on configuring policies, see Configuring policies by device platform.

NOTE— To authenticate users on devices using globalLdapServiceAuthenticator selected as the authenticator, select the service type as Authentication or User-defined authentication. For more information about how to select the authenticator, see Setting the user authentication method.

  • Base DN: Click Select to open the “Select Base DN” window and select a starting location for searches in the directory server. Entering a Base DN value can reduce the time required to search for data by limiting searches to a specific location.
    • Selected DN: Shows the selected DN (Distinguish Name).
  • Filter: Click Select to open the “Select Object Class” window and select an Object Class and attributes for the LDAP Syntax string that will be used to filter search results.
    • Recommended Properties: Displays the recommended properties of the selected object class.
    • Return Value: Displays the LDAP Syntax of the selected property information and object class.
    • Default: Select the object class name defined by default as a filter.
    • Custom: Select the object class name defined by connected directory server as a filter.
  • Range: Select one of the following search range for the directory server based on the specified base DN.
    • Object: Within the level of the base DN.
    • One Level: Within the level including the sub-level of the base DN.
    • Subtree: Within all sub-levels of the base DN.
  • Output Field: Select one of the following return information range to only extract the desired attributes.
    • All: Returns all attributes for the searched entries.
    • Select: Returns only the selected attributes for the searched entries. To select the desired properties to be used for the filter, click Select Property to open the “Select Property” window and select the desired properties on the loaded attribute list. To apply the selected properties click Add.
      • To delete an attribute from the selected properties list, click next to the attribute.

NOTE—

  • To modify the name of the selected sources and return properties, double-click an item on the “Output Field Settings” field, and then modify it.
  • The return property names may not be returned if the modified property names are same as existing property names on the loaded attribute list.

4. Click Save to add a directory connector.