Manage Users, Authentication, and VPN Certificates
385
ProSecure Unified Threat Management (UTM) Appliance
• An OU is created in the root node (for example, dc=companyname, dc=com) of the
hierarchy. In a company AD, an OU often represents a regional office or department.
• A group is created under cn=users.
• A user is created under each OU so that the user logically appears in the tree of the AD
server.
• A relationship between a group and its users is built using their attributes (by default:
member and memberOf). These are shown in a lookup result.
The following is an example of how to set the search base:
If a company AD server has cn=users and ou=companyname defined and both are
specified under dc=companyname,dc=com, the search base needs to be set as
dc=companyname,dc=com in order for the UTM to search both users and groups.
If the size limit is exceeded so that dc=companyname,dc=com misses some entries during
the lookup process, a user can still be correctly authenticated. However, to prevent the size
limit from being exceeded, an AD administrator needs to set a larger value in the LDAP
server configuration so that the entire list of users and groups is returned in the lookup result.
Another workaround is to use a specific search name or a name with a wildcard in the lookup
process, so that the subset of the entire list is returned in the lookup result.
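The search-base and member/memberOf points above, as an added example that is not part of the manual: a small Python check that parses a constructed lookup result, reports which entries a given search base would miss, and rebuilds the group-to-user relationship from both attributes. The LDIF, the group name vpn-users and the account name jhanson are constructed sample data, not values from the page.

```python
# Constructed sample lookup result (not from the manual): one group under cn=users and
# one user under ou=companyname, both under dc=companyname,dc=com.
SAMPLE_LDIF = """\
dn: CN=vpn-users,CN=Users,DC=companyname,DC=com
objectClass: group
member: CN=Jamie Hanson,OU=companyname,DC=companyname,DC=com

dn: CN=Jamie Hanson,OU=companyname,DC=companyname,DC=com
objectClass: user
sAMAccountName: jhanson
memberOf: CN=vpn-users,CN=Users,DC=companyname,DC=com
"""

def norm_dn(dn):
    """Normalise a DN for comparison: lower-case, no spaces around commas."""
    return ",".join(p.strip().lower() for p in dn.split(","))

def parse_ldif(text):
    """Parse a minimal LDIF (no line folding, no base64) into a list of dicts."""
    entries, cur = [], {}
    for line in text.splitlines():
        if not line.strip():           # blank line ends an entry
            if cur:
                entries.append(cur)
            cur = {}
            continue
        key, _, val = line.partition(":")
        cur.setdefault(key.strip(), []).append(val.strip())
    if cur:
        entries.append(cur)
    return entries

def under_base(dn, base):
    """True if dn is the search base itself or lies beneath it."""
    d, b = norm_dn(dn), norm_dn(base)
    return d == b or d.endswith("," + b)

def coverage(entries, base):
    """Return the DNs that a lookup with this search base would not return."""
    return [e["dn"][0] for e in entries if not under_base(e["dn"][0], base)]

def memberships(entries):
    """Map normalised user DN -> set of group DNs, merging member and memberOf."""
    rel = {}
    for e in entries:
        dn = norm_dn(e["dn"][0])
        for g in e.get("memberOf", []):      # user side of the relationship
            rel.setdefault(dn, set()).add(norm_dn(g))
        for m in e.get("member", []):        # group side of the relationship
            rel.setdefault(norm_dn(m), set()).add(dn)
    return rel
```

Running coverage() with ou=companyname,dc=companyname,dc=com as the base shows the group under cn=users being missed, which is why the text sets the base to dc=companyname,dc=com.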
How to Bind a DN in an Active Directory Configuration
Understanding how to bind a distinguished name (DN) in an Active Directory (AD)
configuration might be of help when you are specifying the settings for the AD domains on
the UTM.
In this example, the AD domain name is testAD.com, and the AD server has the IP address
192.168.35.115 on port 389.
To bind a user with the name Jamie Hanson to the AD server:
1. On a computer that has access to the AD, open Active Directory Users and Computers.
2. Select the user Jamie Hanson.
3. Click the General tab. The general properties for Jamie Hanson are displayed.