11.2 Prerequisites

11.2.1 Exporting the LDAP Server CA Certificate

If you want to connect to the LDAP server by using an SSL connection and the LDAP server certificate is not signed by a well-known CA, you must export the LDAP server CA certificate to a Base64-encoded file.
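The "Base64-encoded file" the text asks for is the PEM form of the certificate (on Windows the export wizard calls it "Base-64 encoded X.509 (.CER)"). A common failure is handing the client a DER (binary) export, a file with Windows line endings, or one that an editor has prefixed with a UTF-8 byte-order mark, any of which most PEM parsers reject. The helper below is an added example, not code from the original documentation: it converts DER to PEM, normalizes an existing PEM file, and fails early on anything that is neither. The DER bytes in it are a constructed stand-in rather than a real certificate, and the function names are this example's own.

```python
# Added example (not from the original documentation): bring a CA certificate
# export into the canonical Base64 (PEM) form an LDAP client expects and
# sanity-check it. SAMPLE_DER is a constructed stand-in, not a real certificate.
import base64
import binascii
import sys
import textwrap

PEM_HEADER = "-----BEGIN CERTIFICATE-----"
PEM_FOOTER = "-----END CERTIFICATE-----"
UTF8_BOM = b"\xef\xbb\xbf"


def der_to_pem(der: bytes) -> str:
    """Wrap DER bytes in PEM framing: Base64 body folded at 64 columns, LF line ends."""
    body = "\n".join(textwrap.wrap(base64.b64encode(der).decode("ascii"), 64))
    return f"{PEM_HEADER}\n{body}\n{PEM_FOOTER}\n"


def pem_to_der(pem: str) -> bytes:
    """Extract and strictly decode the Base64 body between the PEM markers."""
    if PEM_HEADER not in pem or PEM_FOOTER not in pem:
        raise ValueError("missing BEGIN/END CERTIFICATE markers")
    start = pem.index(PEM_HEADER) + len(PEM_HEADER)
    end = pem.index(PEM_FOOTER, start)
    body = "".join(pem[start:end].split())  # drops CR/LF and stray whitespace
    try:
        return base64.b64decode(body, validate=True)
    except binascii.Error as exc:
        raise ValueError(f"corrupt Base64 body: {exc}") from exc


def normalize_certificate_file(raw: bytes) -> str:
    """Accept DER or PEM (any line endings, optional UTF-8 BOM); return canonical PEM.

    Raises ValueError when the input is neither, so a mis-exported file is
    caught here rather than as an opaque TLS failure at connection time.
    """
    if raw.startswith(UTF8_BOM):
        raw = raw[len(UTF8_BOM):]  # a BOM before '-----BEGIN' breaks most PEM readers
    if raw.startswith(b"-----BEGIN"):
        return der_to_pem(pem_to_der(raw.decode("ascii")))  # UnicodeDecodeError is a ValueError
    if raw[:1] == b"\x30":  # a DER certificate starts with an ASN.1 SEQUENCE tag
        return der_to_pem(raw)
    raise ValueError("input is neither a DER nor a PEM certificate")


def looks_like_certificate(raw: bytes) -> bool:
    """Boolean wrapper for scripts that only need a pass/fail check."""
    try:
        normalize_certificate_file(raw)
        return True
    except ValueError:
        return False


# Constructed stand-in for a DER export (260 bytes); a real file would come from the CA.
SAMPLE_DER = b"\x30\x82\x01\x00" + bytes(range(256))

if __name__ == "__main__" and len(sys.argv) == 3:
    # usage: python normalize_cert.py <exported file> <output .pem>
    with open(sys.argv[1], "rb") as src:
        pem_text = normalize_certificate_file(src.read())
    with open(sys.argv[2], "w", newline="\n") as dst:
        dst.write(pem_text)
```

Run it over the exported file before pointing the LDAP client at the result; a file that fails here would not have been trusted by the client either, and the error message says why.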

11.2.2 Enabling Anonymous Search in the LDAP Directory

To perform LDAP authentication using anonymous search, you must enable anonymous search in the LDAP directory. By default, anonymous search is enabled in eDirectory and is disabled in Active Directory.

  • eDirectory: See ldapBindRestrictions in section Attributes on the LDAP Server Object.

  • Active Directory: Enabling anonymous binds for Active Directory requires two steps. These steps are the same for both Windows 2003 and Windows 2008 Active Directory.

    • Enable Anonymous LDAP Operations: By default, anonymous LDAP operations are disabled in Active Directory. You must enable anonymous LDAP operations in Active Directory by setting the dsHeuristics attribute to an appropriate value.

      For more information, see Enabling anonymous LDAP operations.

    • Assign Permissions to the ANONYMOUS LOGON User: The Read and List Contents permissions must be assigned to the ANONYMOUS LOGON user.

      For more information, see Granting anonymous read access.
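The "Enable Anonymous LDAP Operations" step above leaves the dsHeuristics value unspecified. The helper below is an added example, not code from the original documentation or from the product it describes; it assumes, per Microsoft's MS-ADTS description of dsHeuristics, that the 7th character (fLDAPBlockAnonOps) must be `2` for anonymous LDAP operations to be allowed and that every 10th character is a mandatory sanity digit (10th = `1`, 20th = `2`, and so on). The function names and the sample values are this example's own. It computes the new string without disturbing other heuristics already set, and the same check doubles as an audit of whether a directory currently permits anonymous operations, which is worth knowing since anonymous access widens the unauthenticated surface and should be paired with tightly scoped ANONYMOUS LOGON permissions.

```python
# Added example (not from the original documentation): compute and inspect the
# Active Directory dsHeuristics value that gates anonymous LDAP operations.
# Assumptions (MS-ADTS): 7th character is fLDAPBlockAnonOps, '2' = allowed;
# every 10th character is a sanity digit (10th='1', 20th='2', ...).
# The attribute lives on CN=Directory Service,CN=Windows NT,CN=Services,<configuration NC>.
# Sample values at the bottom are constructed.

ANON_LDAP_OPS_POS = 7  # 1-based position of fLDAPBlockAnonOps
ALLOW_ANON = "2"
BLOCK_ANON = "0"


def anonymous_ldap_ops_allowed(ds_heuristics):
    """True when the stored dsHeuristics value permits anonymous LDAP operations."""
    value = ds_heuristics or ""  # attribute absent/empty means the AD default: blocked
    return len(value) >= ANON_LDAP_OPS_POS and value[ANON_LDAP_OPS_POS - 1] == ALLOW_ANON


def set_heuristic(ds_heuristics, position, char):
    """Return dsHeuristics with the 1-based `position` set to `char`.

    Shorter values are padded with '0', the mandatory decade digits are
    written so the directory accepts the result, and all other flags are kept.
    """
    if position < 1 or position % 10 == 0:
        raise ValueError("position must be >= 1 and not a reserved decade slot")
    chars = list(ds_heuristics or "")
    chars.extend("0" * (position - len(chars)))
    chars[position - 1] = char
    for idx in range(9, len(chars), 10):  # indexes 9, 19, 29 ... are decade digits
        chars[idx] = str((idx + 1) // 10)
    return "".join(chars)


def enable_anonymous_ldap_ops(ds_heuristics):
    return set_heuristic(ds_heuristics, ANON_LDAP_OPS_POS, ALLOW_ANON)


def disable_anonymous_ldap_ops(ds_heuristics):
    return set_heuristic(ds_heuristics, ANON_LDAP_OPS_POS, BLOCK_ANON)


# Constructed sample values
CURRENT_EMPTY = ""          # attribute not set (AD default: anonymous ops blocked)
CURRENT_OTHER_FLAG = "001"  # a different heuristic already set by an administrator

if __name__ == "__main__":
    for before in (CURRENT_EMPTY, CURRENT_OTHER_FLAG):
        after = enable_anonymous_ldap_ops(before)
        print(f"{before!r:>6} -> {after!r}  anonymous allowed: {anonymous_ldap_ops_allowed(after)}")
```

Read the current value from the Directory Service object first and feed it to `enable_anonymous_ldap_ops`, then write the returned string back with the directory tool of your choice (ADSI Edit or an LDAP modify); overwriting the attribute with a fixed literal would silently clear any other heuristics already in use. Keep `anonymous_ldap_ops_allowed` in a periodic configuration check so the setting does not outlive the need for it.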