Configure LDAP Referrals

You can connect several LDAP servers together using the referrals configuration options to:

  • Select which LDAP referrals to apply (when searching for users).
  • Provide a different set of credentials (Login DN / Password) for each LDAP referral.

AAA Server supports three different configurations of LDAP referrals:

  • Parent/Child
  • Trusted Domains (domains in the same forest)
  • Trusted Forest (trusted domains across different forests)

Note (DNS setup): For LDAP referrals to work, the AAA Servers and Administration Consoles must be able to resolve the LDAP referral hostnames.

  1. Select Tools, then click Options. The AAA Server Administration Console Options window is displayed.
  2. In the Connections settings section, click LDAP Referrals Settings....
  3. Either click Add to configure a new referral or highlight an existing one and click Edit.
  4. Enter the hostname of the server where the LDAP directory resides.
  5. If the connection requires credentials that are different from those specified for the main LDAP directory (see Configure the Connection to LDAP), enter:
    1. The Login DN for the AAA Server used to authenticate to the LDAP directory (only if you have a protected directory).

      This user must have write permission to store the device serial numbers in the directory.

    2. The Password for the Login DN.

    Note: Entering a Login DN and password is optional. It is only required if the referral is on a separate domain that requires different credentials. If you do not enter a Login DN and password, then the credentials provided for the main LDAP connection are used.
  6. To use the same credentials as those specified for the main LDAP directory (see Configure the Connection to LDAP), leave the Login DN and Password fields empty.
  7. Click OK.
  8. Click Test to verify the connection is correctly configured.
  9. Repeat the above steps for each LDAP directory for which you want to configure a referral.
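
The DNS requirement in the note above can be checked before you click Test. The following is an added example, not part of the product or its documentation: a Python pre-check to run on each AAA Server and Administration Console host. The function names and the sample hostnames are assumptions made for illustration.

```python
import socket
from urllib.parse import urlsplit

# Standard ports for the two LDAP URL schemes.
DEFAULT_PORTS = {"ldap": 389, "ldaps": 636}


def referral_endpoint(referral):
    """Return (host, port) from a referral URL or a bare hostname[:port]."""
    if "://" not in referral:
        referral = "ldap://" + referral  # bare hostname as typed in the console
    parts = urlsplit(referral)
    if parts.scheme not in DEFAULT_PORTS or not parts.hostname:
        raise ValueError(f"not an LDAP referral: {referral!r}")
    return parts.hostname, parts.port or DEFAULT_PORTS[parts.scheme]


def check_referrals(referrals, resolve=socket.getaddrinfo):
    """Map each referral host to its sorted addresses, or None if unresolvable.

    `resolve` defaults to the system resolver, so the result reflects what
    this machine (not the directory server) can look up.
    """
    results = {}
    for ref in referrals:
        host, port = referral_endpoint(ref)
        try:
            infos = resolve(host, port, type=socket.SOCK_STREAM)
            results[host] = sorted({info[4][0] for info in infos})
        except socket.gaierror:
            results[host] = None  # referral chasing would fail from this host
    return results


if __name__ == "__main__":
    # Constructed sample values; replace with the hostnames you configured.
    sample = [
        "dc1.child.example.test",
        "ldaps://dc2.partner.example.test/DC=partner,DC=example,DC=test",
    ]
    for host, addrs in check_referrals(sample).items():
        print(host, "->", ", ".join(addrs) if addrs else "UNRESOLVED")
```

Any host reported as UNRESOLVED needs a DNS record or forwarder visible from that machine before the referral can be followed.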