User Guide
OmniVista SafeGuard Manager Administration Guide
Chapter 5: Device Configuration
7 Select a role and click Edit to change the configuration of an existing role.
8 Select a role and click Delete to remove it from the list. A confirmation box is
displayed asking you to confirm the deletion.
9 Select a policy and click Up or Down to change the precedence.
LDAP Servers
LDAP (Lightweight Directory Access Protocol) is an Internet protocol that email and other
programs use to look up information from a server. The LDAP protocol defines how to
store structured data. For example, corporations may want to store employee contact
information or categorize employees into various groups (QA, Docs, Engineering, and so
forth).
LDAP servers are used to authenticate users when Active Directory (AD) is used as an
authentication mechanism. AD is an implementation of LDAP directory services by
Microsoft for use in Windows environments.
Configuring LDAP Servers
When SafeGuard authenticates a user and, during role derivation, a configured condition
uses the AD attribute class, SafeGuard contacts the configured LDAP servers to get the
value of the desired attribute. For example, suppose you set a rule-map with the condition
(set role="offshore" if AD.country=INDIA)
When authenticating a user, SafeGuard obtains the value of AD.country and matches it
against the condition. If the match is successful, the role of “offshore” is assigned.
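The rule-map evaluation described above, modelled as an added example (not SafeGuard code or its rule syntax): ordered rules are matched against a user's directory attributes, and the first match assigns the role. The directory entries, the "qa-lab" and "restricted" roles, case-insensitive matching, and the fallback to a least-privileged default when the attribute or the user is missing are assumptions made for illustration.

```python
# Illustrative model of attribute-based role derivation.
# Names, data and fallback behaviour are assumptions, not SafeGuard internals.

# Constructed entries standing in for LDAP/AD search results.
# LDAP attributes can be multi-valued, so each value is a list.
DIRECTORY = {
    "asha": {"country": ["INDIA"], "department": ["Engineering"]},
    "bob": {"country": ["US"], "department": ["QA"]},
    "carol": {"department": ["Docs"]},  # no country attribute
    "dev": {"Country": ["india"], "department": ["QA"]},
}

# Rules in precedence order: (attribute, expected value, role).
RULES = [
    ("country", "INDIA", "offshore"),  # the rule from the text
    ("department", "QA", "qa-lab"),    # hypothetical second rule
]

DEFAULT_ROLE = "restricted"  # hypothetical least-privileged fallback


def lookup(user):
    """Return the user's attributes with lower-cased names, or None."""
    entry = DIRECTORY.get(user)
    if entry is None:
        return None  # models an unknown user or a failed directory query
    return {name.lower(): values for name, values in entry.items()}


def derive_role(user, rules=RULES, default=DEFAULT_ROLE):
    """Return the role of the first matching rule, else the default."""
    entry = lookup(user)
    if entry is None:
        return default  # never grant a rule-based role without directory data
    for attribute, expected, role in rules:
        values = entry.get(attribute.lower(), [])
        if any(v.strip().casefold() == expected.casefold() for v in values):
            return role
    return default


if __name__ == "__main__":
    for name in ("asha", "bob", "carol", "dev", "mallory"):
        print(name, "->", derive_role(name))
```

When testing a real rule set, include users whose attribute is absent or whose lookup fails, so the role they receive is a deliberate choice rather than a side effect.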
To configure an LDAP server:
1 Select LDAP Servers from the navigation tree (Figure 61) and click New
in the Action Bar.
The New Role Derivation Rule Set dialog box displays (Figure 78).










