Menu

Add a directory connector

Add a directory connector to extract required client’s information on the directory server.

To add a directory connector, complete the following steps:

  1. Navigate to Advanced > Directory Integration > Directory Service.
  2. On the Directory Service page, click Add.
  3. On the Add Directory Service page, enter the following information:
    • Service ID—Enter a Service ID of up to 50 characters containing letters, numbers, and special characters, namely dashes and underscores.
    • Service Name—Enter a Service name to distinguish it from other directory connectors.
    • Status—Select the status of the directory connector to use. The default value is Activated.
    • Pool Name—Select the pool (directory server) that you have already created for directory servers in the Admin Portal. To view the detailed information for each registered pool, navigate to Advanced > Directory Integration > Directory Pool.
    • Service Type—Select one of the following service type to perform user authentication or user searches on the directory server integrated with Knox Manage.
    Classification Service type Description

    Authentication

    Authentication

    Makes Authentication requests to a client’s directory server.

    NOTE—The filter and output fields are automatically entered in accordance with the directory server type.

    User-defined authentication

    Makes Authentication requests to a client’s directory server.

    NOTE—The filter and output fields must be entered manually in accordance with your desired settings.

    Search

    User Search

    Searches for user information only.

    NOTE—The filter and output fields are automatically entered in accordance with the directory server type.

    Organization Search

    Searches for organization information only.

    NOTE—The filter and output fields are automatically entered in accordance with the directory server type.

    User-defined search

    Searches for desired user information using the filter values entered manually. This information can also be sent to devices.

    Profile Configuration (User information)

    Searches for user information using the filter set for the directory connector. To use this type, you must select the policy of the user information input method as Connector interworking. For more information on configuring policies, see Configuring policies by device platform.

    Profile Configuration (Certificate information)

    Authenticates for a user using the filter set for the directory connector. To use this type, you must select the policy of the user certificate information input method as Connector interworking. For more information on configuring policies, see Configuring policies by device platform.

    NOTE—To authenticate users on devices using globalLdapServiceAuthenticator selected as the authenticator, select the service type as Authentication or User-defined authentication. For more information about how to select the authenticator, see Setting the user authentication method.
    • Base DN—Click Select to open the Select Base DN screen and select a starting location for searches in the directory server. Entering a Base DN value can reduce the time required to search for data by limiting searches to a specific location.
      • Selected DN—Shows the selected DN (Distinguish Name).
    • Filter—Click Select to open the Select Object Classscreen and select an Object Class and attributes for the LDAP Syntax string that is used to filter search results.
      • Recommended Properties—Shows the recommended properties of the selected object class.
      • Return Value—Shows the LDAP Syntax of the selected property information and object class.
      • Default—Select the object class name defined by default as a filter.
      • Custom—Select the object class name defined by connected directory server as a filter.
    • Range—Select one of the following search range for the directory server based on the specified base DN.
      • Object—Within the level of the base DN.
      • One Level—Within the level including the sub-level of the base DN.
      • Subtree—Within all sub-levels of the base DN.
    • Output Field—Select one of the following return information range to only extract the desired attributes.
      • All—Returns all attributes for the searched entries.
      • Select—Returns only the selected attributes for the searched entries. To select the desired properties to be used for the filter, click Select Property to open the Select Propertyscreen and select the desired properties on the loaded attribute list. To apply the selected properties click Add.
        • To delete an attribute from the selected properties list, click the delete icon next to the attribute.
    NOTE
    • To modify the name of the selected sources and return properties, double-click an item on the Output Field Settings field, and then modify it.
    • The return property names may not be returned if the modified property names are same as existing property names on the loaded attribute list.
  4. Click Save to add a directory connector.
Share it: