Determining the values for the Directory Server configuration tab
Posted by Mont Rothstein on 30 November 2007 12:51 AM
This article will guide you through determining the values needed in the Directory Server tab of the Configuration dialog. This is particularly useful when connecting to a directory server for which default values do not already exist.
For instructions on how to browse a directory server see How to Browse or Explore a Directory Server
Below you will find each field on the Directory Server tab with an explanation of how to get the value.
Directory Server - This drop down contains a list of directory server types for which the common values have already been determined. Selecting a value here populates the values below. The system does not retain the value selected here, i.e. the drop-down is only used to populate the values.
Domain Name - This is the short domain name. The short domain is often, but not necessarily, the first part of the long domain name. Ex: for forayadams.foray.com it could be forayadams or it could be FA01 (to choose a random short name).
Server - The name or IP address of the directory server machine. This may also be referred to as the domain controller machine. This value can usually be found by using "nbtstat -c" on the command line.
Port - For a Foray Adams Directory Server this is 53911. For almost all other directory servers it will be 389.
Base DN/Context - This is the Base DN from LDAP Browser. The Base DN (distinguished name) is also known as the default naming context. This is essentially the root of the directory server.
User Name - This is only needed if anonymous queries are not allowed and is the same value entered in the User Info LDAP Browser. For Active Directory this is simply the user name. For most other directory servers this is the Distinguished Name (dn) for the user. If you can browse the directory server (which you probably can't if you need this) then you can select a user and click the View->View Entry menu. The title of the window that opens will have the dn for the user (do not enter the brackets). Ex: uid=username,ou=people,dc=forayadams,dc=foray,dc=com
Password/Verify Password - Only necessary if the User Name above is filled in.
Authentication - This is typically Ntlm for Active Directory and Basic for everything else.
User Object Class - This is the attribute that identifies an object as being a user. To find this attribute browse to and select a user object in LDAP Browser. Among the attributes should be multiple entries for the attribute "objectClass". You want the most general one that isn't "top". Ex: person.
User ID - Looking at the same user object as above this is the attribute that contains the user's login name. Examples: uid, samaccountname
User Group ID - This is the attribute that contains the value that will reside in the group to point to the user. To get this attribute select a group with a user. Find the attribute/value pair that identifies a user then go back to the user object and find the attribute that holds that value. Examples: uid, distinguishedname, adspath
User Display Name - This is the attribute that holds the user's full name. You can find this attribute on a user object. Examples: cn, displayname
Group Object Class - This is the attribute that identifies an object as being a group. Select a group object in LDAP Browser. This will be the value of one of the objectClass attributes. You want the most general one that isn't "top". Examples: groupOfUniqueNames, posixgroup, group
Group ID - This is the attribute that the identifier for the group is stored in. Select a group in LDAP Browser and find the attribute that holds the id of the group. Ex: cn
Group Member - This is the attribute that identifies a member of the group. Select a group with at least one member in LDAP Browser and find the attribute that identifies the member. Examples: uniqueMember, memberUid, member
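
The cross-reference described under User Group ID and Group Member can be done mechanically once you have one user entry and one group that contains it. The script below is an added example, not part of the original article or of the product; the entries, attribute values and function names are constructed for illustration, and values are compared case-insensitively as an assumption.

```python
# Added example. Both entry pairs are constructed sample data, shaped like the
# attribute/value view LDAP Browser shows for one user and one of its groups.
AD_USER = {
    "objectClass": ["top", "person", "organizationalPerson", "user"],
    "sAMAccountName": ["jdoe"],
    "displayName": ["Jane Doe"],
    "distinguishedName": ["CN=Jane Doe,CN=Users,DC=forayadams,DC=foray,DC=com"],
}
AD_GROUP = {
    "objectClass": ["top", "group"],
    "cn": ["Examiners"],
    "member": ["CN=Jane Doe,CN=Users,DC=forayadams,DC=foray,DC=com"],
}
POSIX_USER = {
    "objectClass": ["top", "person", "posixAccount"],
    "uid": ["jdoe"],
    "cn": ["Jane Doe"],
}
POSIX_GROUP = {
    "objectClass": ["top", "posixGroup"],
    "cn": ["examiners"],
    "memberUid": ["jdoe", "asmith"],
}

def member_links(user, group):
    """Return (group attribute, user attribute) pairs that share a value."""
    links = []
    for g_attr, g_vals in group.items():
        wanted = {v.lower() for v in g_vals}  # assumption: case-insensitive match
        for u_attr, u_vals in user.items():
            if "objectclass" in (g_attr.lower(), u_attr.lower()):
                continue  # objectClass values such as "top" always overlap
            if wanted & {v.lower() for v in u_vals}:
                links.append((g_attr, u_attr))
    return links

def derive_fields(user, group):
    """Map the single user/group link onto the two configuration fields."""
    links = member_links(user, group)
    if len(links) != 1:
        raise ValueError(f"need exactly one user/group link, found {links}")
    group_attr, user_attr = links[0]
    return {"Group Member": group_attr, "User Group ID": user_attr}

if __name__ == "__main__":
    print(derive_fields(AD_USER, AD_GROUP))
    print(derive_fields(POSIX_USER, POSIX_GROUP))
```

A ValueError means the chosen user is not a member of the chosen group, or more than one attribute pair matches and the pair has to be picked by hand.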