4.1 Configuring the UAM Server

UAM can access the information you have already set up in your LDAP or Microsoft Active Directory server to allow users to log on to the UAM server. This functionality is not available if UAM is installed in FIPS mode.

4.1.1 Configure to Use LDAP or Active Directory

This section describes how to configure the UAM server to use LDAP or Microsoft Active Directory credentials.

Prerequisites

Ensure that you have the following information:

  • The domain and computer address, such as ldap://<ldap_ip_address>:389, of the LDAP or Active Directory server

  • Location of user entries in the structure of LDAP or Active Directory server

  • Attribute that identifies the login name for each user

  • An account that the UAM server can use to access the LDAP or Active Directory server

To configure UAM server to use LDAP or Active Directory credentials:

  1. Log on to UAM as an administrator, and open the Manage Server window.

  2. Click LDAP, and then click the Add button.

  3. Enter the name of the domain that contains the LDAP or Active Directory server.

    NOTE: Users must enter this domain name when they log on to UAM.

  4. Select the domain and provide information as requested on the window using the following guidelines:

    1. In Server Address, enter the LDAP or Active Directory server computer name and port. For example, ldap://<ldap_ip_address>:389

    2. In User’s Parent DN, enter the DN of the node that contains the user entries. For example, ou=AMAdmins,dc=netiq,dc=com

    3. In Username, enter the attribute you want UAM to use to identify the user. It will be used as a consistent identifier even if the user name changes. The default and only attribute supported by UAM is uid.

    4. (Conditional) If you use simple authentication for specific users, in Username, enter the DN of the user entry. For example, ou=Operator,dc=netiq,dc=com.

  5. Click Refresh Users.

4.1.2 Configure to Use SSL with LDAP or Active Directory

The UAM server can communicate with the LDAP or Active Directory server using Secure Sockets Layer (SSL). If you choose to have the UAM server communicate with the LDAP or Active Directory server over SSL, you must obtain and manage the required certificates. UAM requires certificates that are base-64 encoded and use a .cer extension.

  1. Obtain the LDAP server certificate. For example, to export the certificate from an OpenLDAP server, run the following command from the /etc/openldap/certs directory on the computer that is running the slapd process:

    certutil -L -a -n "OpenLDAP Server" -d `pwd` > servername.pem

    The command creates a servername.pem file that you can import into UAM using the Manage Server window where you identify your LDAP server. The -a option writes the certificate in base-64 (PEM) form; because UAM expects a .cer extension, rename the file (for example, to servername.cer) before you import it.

  2. Close and restart the UAM server after you import the certificate.
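The following pre-flight checks cover the values entered in the LDAP dialog (Server Address, User’s Parent DN) and the certificate rule from this section. This is an added example, not UAM code; the server address, DNs and certificate body are constructed sample values, and the placeholder certificate is not a real certificate.

```python
"""Pre-flight checks for the values UAM asks for in its LDAP configuration (constructed example)."""
import base64
import binascii
import os
from urllib.parse import urlsplit

# Attribute types that normally appear in a DN (RFC 4519). Note that "dn" is not one of them,
# so a typo such as dn=com is caught before it is pasted into the dialog.
DN_ATTRIBUTE_TYPES = {"cn", "ou", "o", "dc", "uid", "c", "l", "st", "street"}

def parse_server_address(url):
    """Split 'ldap://host:389' into (scheme, host, port); reject anything else."""
    parts = urlsplit(url)
    if parts.scheme not in ("ldap", "ldaps"):
        raise ValueError(f"scheme must be ldap:// or ldaps://, got {url!r}")
    if not parts.hostname or parts.port is None:
        raise ValueError(f"host and port are both required, got {url!r}")
    return parts.scheme, parts.hostname, parts.port

def parse_parent_dn(dn):
    """Split 'ou=AMAdmins,dc=netiq,dc=com' into [(type, value), ...]; reject malformed RDNs."""
    rdns = []
    for rdn in dn.split(","):
        if "=" not in rdn:
            raise ValueError(f"RDN {rdn!r} is missing '='")
        attr, value = (s.strip() for s in rdn.split("=", 1))
        if attr.lower() not in DN_ATTRIBUTE_TYPES:
            raise ValueError(f"RDN {rdn!r}: {attr!r} is not a DN attribute type (typo for dc?)")
        if not value:
            raise ValueError(f"RDN {rdn!r} has an empty value")
        rdns.append((attr.lower(), value))
    return rdns

def certificate_problems(filename, contents):
    """Return the reasons a file does not meet UAM's 'base-64 encoded, .cer extension' rule."""
    problems = []
    if os.path.splitext(filename)[1].lower() != ".cer":
        problems.append(f"{filename}: extension must be .cer")
    lines = contents.strip().splitlines()
    if (len(lines) < 3 or lines[0] != "-----BEGIN CERTIFICATE-----"
            or lines[-1] != "-----END CERTIFICATE-----"):
        problems.append(f"{filename}: missing PEM BEGIN/END CERTIFICATE lines (binary DER file?)")
        return problems
    try:
        base64.b64decode("".join(lines[1:-1]), validate=True)
    except binascii.Error:
        problems.append(f"{filename}: body is not valid base-64")
    return problems

# Constructed sample: the body is base-64 of a placeholder string, NOT a real certificate.
SAMPLE_BODY = base64.encodebytes(b"placeholder, not a real certificate").decode()
SAMPLE_PEM = "-----BEGIN CERTIFICATE-----\n" + SAMPLE_BODY + "-----END CERTIFICATE-----\n"
```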

NOTE: For more information about LDAP authentication, see Logging in by Using LDAP User Credentials in the Sentinel Administration Guide.