5.5 Configuring eDirectory as an Identity Source

In addition to using eDirectory as an identity source that caches full user accounts and provisions them out to the SaaS applications (Salesforce, Google, ServiceNow, and Office 365), you can configure eDirectory simply to authenticate users so they can access lightly secured resources without actually importing and caching those users. To configure the connector to use eDirectory only as an authentication source, do not select the Enable Local Vault Caching configuration option.

To configure eDirectory as an identity source for authentication only:

  1. Verify that you have an eDirectory administrator account.

  2. Log in to the CloudAccess administration console:

    https://appliance_dns_name/appliance/index.html

  3. Drag the connector for eDirectory from the Identity Sources palette to the Identity Sources panel.

  4. Use the following information to configure the connector for eDirectory:

    Credentials: Specify the fully distinguished name, in LDAP format, and the password of the eDirectory administrator account with the minimum rights.

    Search Context: Specify the fully distinguished LDAP format of the context where the connector searches for user objects.

    eDirectory Server: Specify the IP address and LDAP port of the eDirectory server that contains a Master or Read/Write replica of the partition where the user objects reside. Select Enable LDAP SSL to use port 636. Otherwise, the default non-SSL port is 389.

    Filter extension: Specify a filter for the object class and attribute you want to use to import users. If users do not meet the criteria defined in the filter, CloudAccess does not import those users.

    For example, (&(objectclass=user)(samaccountname=abc*)) imports only users whose samaccountname starts with abc.

  5. (Optional) If you have custom attributes you want to map, click Advanced Options, then specify your custom attributes under Attribute Mappings.

  6. Click OK, then click Apply to save the configuration.

  7. Proceed to policy mapping to grant users access to applications. For more information, see Section 12.0, Mapping Authorizations.

The connector for eDirectory is now an identity source for user logins.
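
The Filter extension in step 4 decides which user objects CloudAccess accepts, so it helps to check a filter against known entries before applying it. The following Python code is an added example, not CloudAccess code: it parses the filter syntax shown above (&, |, !, equality and * wildcards only) and reports which entries it selects. The sample entries, the would_import helper, and case-insensitive matching are assumptions made for illustration.

```python
import re

# Filter from step 4 of this page; the entries are constructed sample data.
PAGE_FILTER = "(&(objectclass=user)(samaccountname=abc*))"
SAMPLE_ENTRIES = [
    ("cn=abcarter,ou=users,o=example", {"objectClass": ["User"], "sAMAccountName": ["abcarter"]}),
    ("cn=ABClark,ou=users,o=example", {"objectClass": ["User"], "sAMAccountName": ["ABClark"]}),
    ("cn=bsmith,ou=users,o=example", {"objectClass": ["User"], "sAMAccountName": ["bsmith"]}),
    ("cn=abcprint,ou=devices,o=example", {"objectClass": ["Printer"], "sAMAccountName": ["abcprint"]}),
]

def parse(text, i=0):
    # Parse one parenthesised filter starting at text[i]; return (node, index after it).
    if text[i:i + 1] != "(":
        raise ValueError(f"expected '(' at offset {i}")
    i += 1
    if text[i:i + 1] in ("&", "|", "!"):
        op, i, kids = text[i], i + 1, []
        while text[i:i + 1] == "(":
            kid, i = parse(text, i)
            kids.append(kid)
        if not kids or (op == "!" and len(kids) != 1):
            raise ValueError(f"wrong number of operands for '{op}'")
        node = (op, kids)
    else:
        end = text.find(")", i)
        attr, sep, value = text[i:end].partition("=")
        if end == -1 or not sep or not re.fullmatch(r"[A-Za-z][A-Za-z0-9;.-]*", attr) or "(" in value:
            raise ValueError(f"unsupported or malformed item at offset {i}")
        node, i = ("=", attr.lower(), value), end
    if text[i:i + 1] != ")":
        raise ValueError(f"missing ')' at offset {i}")
    return node, i + 1

def matches(node, entry):
    if node[0] in ("&", "|"):
        combine = all if node[0] == "&" else any
        return combine(matches(kid, entry) for kid in node[1])
    if node[0] == "!":
        return not matches(node[1][0], entry)
    # '*' is the only wildcard; values compare case-insensitively (assumption).
    rx = re.compile(".*".join(map(re.escape, node[2].split("*"))), re.IGNORECASE | re.DOTALL)
    return any(rx.fullmatch(value) for value in entry.get(node[1], []))

def would_import(filter_text, entries):
    text = filter_text.strip()
    node, end = parse(text)
    if end != len(text):
        raise ValueError("unexpected text after the filter")
    return [dn for dn, attrs in entries if matches(node, {k.lower(): v for k, v in attrs.items()})]
```

Calling would_import(PAGE_FILTER, SAMPLE_ENTRIES) returns the two user entries whose samaccountname begins with abc; a filter with unbalanced parentheses raises ValueError instead of silently matching nothing.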