Netgear STM300 STM 150-300-600 Reference Manual (PDF) - Page 158
ProSecure Web/Email Security Threat Management (STM) Appliance

How an Active Directory Works

Understanding how a typical Active Directory (AD) works might be of help when you are specifying the settings for the LDAP and Active Directory domains on the STM. The following applies to a typical AD:

• Organizational unit (OU), common name (CN), and domain controller (DC) can all be used to build a search base in the AD. The following applies to the OU and CN containers:
  - An AD administrator can create an OU but cannot create a CN that is built into the AD server.
  - An AD administrator can apply a global policy object (GPO) to an OU but not to a CN.
• An OU is created in the root node (for example, dc=companyname,dc=com) of the hierarchy. In a company AD, an OU often represents a regional office or department.
• A group is created under cn=users.
• A user is created under each OU so that the user logically shows in the tree of the AD server.
• A relationship between a group and its users is built using their attributes (by default, member and memberOf). These attributes show in a lookup result.

The following is an example of how to set the search base: if in a company AD server both "cn=users" and "ou=companyname" are specified under "dc=companyname,dc=com", the search base needs to be set to "dc=companyname,dc=com" in order for the STM to search both users and groups.

If the size limit is exceeded, so that a lookup under "dc=companyname,dc=com" misses some entries, a user can still be correctly authenticated. However, to prevent the size limit from being exceeded, an AD administrator needs to set a larger value in the LDAP server configuration so that the entire list of users and groups is returned in the lookup result. Another workaround is to use a specific search name, or a name with a wildcard, in the lookup process so that only a subset of the entire list is returned in the lookup result.
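The two points above, choosing a search base that covers both the users container and a company OU, and resolving the group-to-user relationship from member/memberOf in a lookup result, as an added worked example (not NETGEAR code; the DNs and lookup entries are constructed sample values, and a lookup result is modelled as a plain dict rather than a live LDAP connection):

```python
from typing import Dict, List, Tuple

def parse_dn(dn: str) -> List[Tuple[str, str]]:
    """Split a DN into (attribute, value) RDNs, root-most first.
    Whitespace around '=' and ',' is tolerated so "dc=companyname, dc=com"
    parses like "dc=companyname,dc=com". Escaped commas are not handled."""
    rdns = []
    for part in dn.split(","):
        attr, _, value = part.partition("=")
        rdns.append((attr.strip().lower(), value.strip().lower()))
    return list(reversed(rdns))

def common_search_base(dns: List[str]) -> str:
    """Return the deepest base that still contains every DN given, i.e. the
    RDN suffix all of them share, written back in normal LDAP order.
    For cn=users,... and ou=companyname,... under the same root this yields
    dc=companyname,dc=com, the value the manual says the STM needs."""
    parsed = [parse_dn(d) for d in dns]
    shared = []
    for level in zip(*parsed):           # walk from the root downwards
        if all(rdn == level[0] for rdn in level):
            shared.append(level[0])
        else:
            break                        # first level where the DNs diverge
    return ",".join(f"{a}={v}" for a, v in reversed(shared))

def group_to_users(entries: Dict[str, Dict[str, List[str]]]) -> Dict[str, List[str]]:
    """Build {group DN: [user DNs]} from a lookup result, using both the
    group's 'member' and the user's 'memberOf' attribute. Reading both sides
    means a relationship still resolves when a size limit dropped one of the
    two entries from the result."""
    groups: Dict[str, set] = {}
    for dn, attrs in entries.items():
        for member in attrs.get("member", []):
            groups.setdefault(dn.lower(), set()).add(member.lower())
        for group in attrs.get("memberOf", []):
            groups.setdefault(group.lower(), set()).add(dn.lower())
    return {g: sorted(users) for g, users in groups.items()}

# Constructed lookup result: only the user entry came back (the group entry
# was cut off by the size limit), yet memberOf still links it to its group.
SAMPLE_RESULT = {
    "cn=Jamie Hanson,ou=companyname,dc=companyname,dc=com": {
        "memberOf": ["cn=Sales,cn=users,dc=companyname,dc=com"],
    },
}

if __name__ == "__main__":
    print(common_search_base(["cn=users,dc=companyname,dc=com",
                              "ou=companyname,dc=companyname,dc=com"]))
    print(group_to_users(SAMPLE_RESULT))
```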
How to Bind a Distinguished Name in an LDAP Configuration

Understanding how to bind a distinguished name (DN) in an LDAP configuration might be of help when you are specifying the settings for the LDAP and Active Directory domains on the STM. To bind a user with the name Jamie Hanson with the LDAP server:

Note: In this example, the LDAP domain name is ABC.com, and the LDAP server has the IP address 192.168.35.115 on port 389.

1. On a computer that has access to the Active Directory (AD), open Active Directory Users and Computers.
2. Select the user Jamie Hanson.

158 | Chapter 5. Managing Users, Groups, and Authentication