Configure LDAP Referrals

You can connect several LDAP servers together using the referrals configuration options to:

  • Select which LDAP referrals to apply (when searching for users).
  • Provide a different set of credentials (Login DN / Password) for an LDAP referral if required.

AAA Server supports three different configurations of LDAP referrals:

  • Parent/Child
  • Trusted Domains (domains in the same forest)
  • Trusted Forest (trusted domains across different forests)

Note: DNS Setup - for the LDAP referrals function to work, the AAA Servers and Administration Consoles must be able to resolve the LDAP referral hostnames.

  1. Select Tools, then click Options. The AAA Server Administration Console Options window is displayed.
  2. In the Connections settings section, click LDAP Referrals Settings....

  3. Either click Add to configure a new referral, or select an existing one and click Edit.

  4. Enter the hostname of the server where the LDAP directory resides.
  5. If the connection requires credentials that are different from those specified for the main LDAP directory (see Configure the Connection to LDAP), enter:

    1. The Login DN for the AAA Server to use to authenticate to the LDAP directory (only if you have a protected directory).
    2. The Password for the Login DN.
      Note: The maximum password length is 24 characters.
  6. To use the same credentials as those specified for the main LDAP directory (see Configure the Connection to LDAP), leave the Login DN and Password fields empty.

    Note: Entering a Login DN and password is optional. It is only required if the referral is on a separate domain that requires different credentials. If you do not enter a Login DN and password, the credentials provided for the main LDAP connection are used.
  7. Click OK.
  8. Click Test to verify the connection is correctly configured.
  9. Repeat the above steps for each LDAP directory for which you want to configure a referral.
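
A pre-flight check for the values entered in steps 4 to 6, as an added example (not part of the product or its documentation): it verifies that each referral hostname resolves, as the DNS note requires, and that the password respects the 24-character limit. The function name, the sample hostnames and DNs are constructed, and treating a half-filled Login DN / Password pair as an error is an assumption.

```python
import socket

MAX_PASSWORD_LEN = 24  # limit from the note under step 5


def check_referral(hostname, login_dn="", password="", resolver=socket.getaddrinfo):
    """Return the problems found in one planned referral entry ([] means OK)."""
    problems = []
    host = hostname.strip()
    if not host:
        problems.append("hostname is empty")
    else:
        try:
            # The host that follows the referral must be able to resolve this name.
            resolver(host, None)
        except (socket.gaierror, UnicodeError) as exc:
            problems.append(f"hostname {host!r} does not resolve: {exc}")
    # Assumption (not from the product documentation): a half-filled pair is a
    # mistake. In LDAP, a DN with an empty password is an unauthenticated bind
    # (RFC 4513), so it would not authenticate as that DN.
    if bool(login_dn) != bool(password):
        problems.append("Login DN and Password must both be set or both be empty")
    if len(password) > MAX_PASSWORD_LEN:
        problems.append(
            f"password has {len(password)} characters, maximum is {MAX_PASSWORD_LEN}"
        )
    return problems


if __name__ == "__main__":
    # Constructed sample entries: (hostname, Login DN, Password)
    planned = [
        ("localhost", "", ""),  # empty pair: main LDAP credentials are reused
        ("dc1.child.example.invalid",
         "cn=svc-aaa,dc=child,dc=example,dc=invalid", "x" * 30),
    ]
    for hostname, login_dn, password in planned:
        issues = check_referral(hostname, login_dn, password)
        print(hostname, "OK" if not issues else issues)
```

Run it on each AAA Server and Administration Console host, since each of them has to resolve the referral hostnames itself.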