You need to search for users on an LDAP server when you import information
about users to the management server.
To search for users on an LDAP directory server
1 In the console, click Clients.
2 Under View Clients, select the group into which you want to import users.
3 Under Tasks, click Import Active Directory or LDAP Users.
4 In the Import Active Directory or LDAP Users dialog box, type the IP address
or host name in the Server box.
5 In the Import Active Directory or LDAP Users dialog box, type the port number
of the LDAP server or Active Directory server in the Server Port box.
The default port number is 389.
6 If you want to connect with the directory server using Secure Sockets Layer
(SSL), click Use Secure Connection.
If you do not check this option, an unencrypted connection is used.
7 List the users by clicking List Users.
You can also type an LDAP query to locate the names of users that you want
to import in the LDAP Search Base box.
You can specify search options such as attribute=value pairs. Commas must
separate the attributes.
CN      CommonName
DC      DomainComponent
L       LocalityName
ST      StateOrProvinceName
O       OrganizationName
OU      OrganizationalUnitName
C       CountryName
STREET  StreetAddress
Not all LDAP servers support all options. For example, Microsoft Active
Directory does not support O.
The order in which you specify the attribute=value pairs is important because
it indicates the location of the entry in the LDAP directory hierarchy.
If you specified a DNS-type domain name such as itsupport.sygate.com during
the installation of a directory server, you can query that directory server,
because itsupport is a typical NT NetBIOS domain name.
To query that Active Directory server, specify the LDAP search base in this
order:
CN=Users, DC=itsupport, DC=sygate, DC=com
You can use wild-card characters or regular expressions in the search base.
For example:
CN=a*, CN=Users, DC=itsupport, DC=sygate, DC=com
This query returns all the user names that start with the letter a.
Another example represents organizations in which you may want to perform
a structural directory search, such as:
mycorp.com -> engineering.mycorp.com or sales.mycorp.com
You can specify either option, depending on where you want to start
searching the LDAP directory.
o=mycorp.com or o=engineering.mycorp.com
You can specify logical comparisons using > or < in an LDAP search string.
An LDAP query that provides more than 1,000 results may fail. Be sure to set
up the search base so that fewer than 1,000 users are reported.
8 Type the name of the LDAP user account in the Authorized Accounts box.
9 Type the password of the LDAP user account in the Password box.
10 Click List Users to display a list of users on the LDAP server.
If Only show users that are not added in any group is checked, only those
users appear that have not already been added.
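
The search-base rules from step 7 (attribute=value pairs, their order, the Active Directory restriction on O, wildcards) can be checked before the string is typed into the LDAP Search Base box. The following is an added example, not part of the product or of the original guide; the function names are hypothetical, and the ordering check is a heuristic that assumes DC components close the search base.

```python
# Added example: pre-flight check of an LDAP search base string.
# Function names are hypothetical, not part of the management console.

KNOWN_ATTRS = {"CN", "DC", "L", "ST", "O", "OU", "C", "STREET"}  # table on this page
AD_UNSUPPORTED = {"O"}  # per this page, Active Directory does not support O


def split_search_base(base):
    """Return [(ATTR, value), ...], splitting on commas that are not backslash-escaped."""
    parts, current, escaped = [], "", False
    for ch in base:
        if escaped or ch != ",":
            current += ch
            escaped = (ch == "\\") and not escaped
        else:
            parts.append(current)
            current = ""
    parts.append(current)
    pairs = []
    for part in parts:
        attr, sep, value = part.strip().partition("=")
        if not sep or not attr.strip() or not value.strip():
            raise ValueError(f"not an attribute=value pair: {part.strip()!r}")
        pairs.append((attr.strip().upper(), value.strip()))
    return pairs


def check_search_base(base, active_directory=True):
    """Return (pairs, dns_domain, warnings); pairs run from most specific to root."""
    pairs = split_search_base(base)
    warnings, seen_dc = [], False
    for attr, value in pairs:
        if attr not in KNOWN_ATTRS:
            warnings.append(f"{attr}: not in the attribute list")
        elif active_directory and attr in AD_UNSUPPORTED:
            warnings.append(f"{attr}: not supported by Active Directory")
        if attr == "DC":
            seen_dc = True
        elif seen_dc:  # heuristic: DC components normally close the search base
            warnings.append(f"{attr}={value}: appears after a DC component")
        if "*" in value:
            warnings.append(f"{attr}={value}: wildcard, keep results under 1,000")
    dns_domain = ".".join(v for a, v in pairs if a == "DC")
    return pairs, dns_domain, warnings


if __name__ == "__main__":
    # Search bases taken from this page, plus one constructed misordered string.
    for sample in ("CN=a*, CN=Users, DC=itsupport, DC=sygate, DC=com",
                   "o=engineering.mycorp.com",
                   "DC=com, DC=sygate, CN=Users"):
        print(sample, "->", check_search_base(sample))
```
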
To import users from an LDAP directory server search results list
1 In the console, click Clients.
2 In the Group List tree, select the group to which you want to add users from
the LDAP server.
Click Add All if you want to add all users or select specific users from the
list, and then click Add.
3 Click a field name to sort by that column.
You can sort the search results by field in ascending or descending order.
4 Select one or more users from the LDAP User List area.
You can use standard Windows selection keys such as the Ctrl key to select
non-contiguous users.
5 Click Add so that the names of new users appear in the group tree.
6 Repeat this process for adding users to other groups, as necessary, until you
have added all new users to appropriate groups.
7 Click Close.