7.4 Understanding LDAP Settings

Change Guardian uses LDAP to process each user group in a policy as a list of the group members. For example, if a policy monitors Group A, LDAP allows Change Guardian to monitor the activity performed by the individual users in Group A. If the policy returns an event, the name of the user performing the change is included in the event report.

You must configure LDAP settings for every grouped resource you intend to monitor. If you do not configure LDAP settings for a grouped resource, and you specify that grouped resource in a policy, the Policy Editor submits the policy to the Change Guardian server, but the policy cannot monitor the group members correctly. You can also browse Active Directory to select items for use in a policy.

To access and configure the domain controller in LDAP settings, perform the following steps:

  1. Click Settings > LDAP Settings.

  2. In the LDAP Settings window, click New.

  3. Specify the following fields:

    • Domain name: Specify the name of the Active Directory domain. For example, test.example.com

    • User name: Specify the Active Directory user name. You can specify the user name in one of the following formats:

      • <user_name>

      • <domain_name\user_name>

      • <user_name@domain_name.com>

    • Password: Specify the password for the Active Directory user.

    • Polling interval: The time interval at which the Change Guardian server synchronizes with Active Directory for delta information.

  4. Click Test to test the authentication of the Active Directory user before searching for the LDAP object.

  5. Click Apply to save the configuration.

The LDAP Settings window displays the domain name for each resource. From this window, you can also edit and delete settings.

NOTE: You cannot delete a setting that an active policy is using.
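
Before entering an account in LDAP Settings, you can check from a Windows management host that it authenticates to the domain and can resolve a monitored group to its individual users. The script below is an added example, not part of the Change Guardian product or its documentation. It assumes the RSAT ActiveDirectory module is installed; the function name Test-LdapSettingsAccount is hypothetical, and test.example.com and Group A are the sample values used above.

```powershell
# Added example, not Change Guardian code. Requires the RSAT ActiveDirectory module.
# Test-LdapSettingsAccount is a hypothetical helper name.
Import-Module ActiveDirectory

function Test-LdapSettingsAccount {
    param(
        [Parameter(Mandatory)] [string] $DomainName,
        [Parameter(Mandatory)] [pscredential] $Credential,
        [Parameter(Mandatory)] [string] $GroupName
    )
    $result = [ordered]@{
        Domain = $DomainName; User = $Credential.UserName
        BindOk = $false; GroupFound = $false; Users = @(); Error = $null
    }
    $common = @{ Server = $DomainName; Credential = $Credential; ErrorAction = 'Stop' }

    # Step 1: authenticate to the domain as the account planned for LDAP Settings.
    try {
        Get-ADDomain @common | Out-Null
        $result.BindOk = $true
    } catch {
        $result.Error = "Bind failed: $($_.Exception.Message)"
        return [pscustomobject]$result
    }

    # Step 2: resolve the group to individual users, following nested groups.
    try {
        $members = Get-ADGroupMember @common -Identity $GroupName -Recursive
        $result.GroupFound = $true
        $result.Users = @($members | Where-Object objectClass -eq 'user' |
            Sort-Object SamAccountName |
            Select-Object -ExpandProperty SamAccountName)
    } catch {
        # Typical causes: group name not found, or the account cannot read it.
        $result.Error = "Group lookup failed: $($_.Exception.Message)"
    }
    [pscustomobject]$result
}

# Prompt for the password so it is not stored in the script or shell history.
$cred = Get-Credential -Message 'Account planned for LDAP Settings'
Test-LdapSettingsAccount -DomainName 'test.example.com' -Credential $cred -GroupName 'Group A' |
    Format-List
```

If BindOk is true but Users is empty or Error is set, the account authenticates but cannot expand that group, so a policy that names the group would have no member list to work from.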