Hardware reference guide
GlobalProtect Administrator’s Guide 85
Set Up the GlobalProtect Mobile Security Manager: Define Deployment Policies
Integrate the Mobile Security Manager with your LDAP Directory
Use the following procedure to connect to your LDAP directory to enable the Mobile Security Manager to
retrieve user and group information:
Integrate with the Directory Server
Step 1 Create an LDAP Server Profile that specifies how to connect to the directory servers you want the Mobile Security Manager to use to obtain user and group information.
1. Select Setup > Server Profiles > LDAP.
2. Click Add and then enter a Name for the profile.
3. Click Add to add a new LDAP server entry and then enter a Server name to identify the server (1-31 characters) and the IP Address and Port number the Mobile Security Manager should use to connect to the LDAP server (default=389 for LDAP; 636 for LDAP over SSL). You can add up to four LDAP servers to the profile; however, all the servers you add to a profile must be of the same type. For redundancy, add at least two servers.
4. Enter the LDAP Domain name to prepend to all objects learned from the server. The value you enter here depends on your deployment:
• If you are using Active Directory, enter the NetBIOS domain name, NOT an FQDN (for example, enter acme, not acme.com). If you need to collect data from multiple domains, create a separate server profile for each domain. Although the domain name can be determined automatically, it is a best practice to enter it whenever possible.
• If you are using a global catalog server, leave this field blank.
5. Select the Type of LDAP server you are connecting to. The group mapping values are populated automatically based on your selection; if you have customized your LDAP schema, you may need to modify the default settings.
6. In the Base field, specify the distinguished name at which the Mobile Security Manager begins its search for user and group information within the LDAP tree (for example, dc=acme,dc=local).
7. Enter the credentials for binding to the LDAP tree in the Bind DN, Bind Password, and Confirm Bind Password fields. The Bind DN can be in either User Principal Name (UPN) format (for example, administrator@acme.local) or fully qualified LDAP DN format (for example, cn=administrator,cn=users,dc=acme,dc=local). Use a dedicated account that has only read access to the user and group objects under the Base rather than a domain administrator account; the bind account's credentials are stored in the profile and used on every lookup.
8. If you want the Mobile Security Manager to communicate with the LDAP server(s) over a secure connection, select the SSL check box. If you enable SSL, make sure that you have also specified the matching port number (636 by default). Without SSL, a simple bind sends the Bind Password to the directory in clear text on every connection, so enable SSL whenever the directory supports it.
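The following pre-flight check is an added example and is not code from the GlobalProtect guide or from Palo Alto Networks. It builds the RFC 4511 simple BindRequest that any LDAP client, the Mobile Security Manager included, sends with the Bind DN and Bind Password from step 7, shows what that request looks like on the wire (the password sits in it verbatim unless the SSL check box and port 636 from step 8 put TLS underneath), checks that the SSL setting and port agree, and can perform the bind against the configured server and decode the result code before you commit the profile. It uses only the Python standard library; the host name, bind names and password in it are placeholders, and the BindResponse it decodes when run directly is constructed locally.

```python
"""Pre-flight check for an LDAP Server Profile: encode a simple BindRequest,
optionally send it to the server with or without TLS, and decode the reply."""
import socket
import ssl

LDAP_PORT = 389   # default port for LDAP
LDAPS_PORT = 636  # default port for LDAP over SSL

# RFC 4511 result codes a bind test commonly returns.
RESULT_CODES = {0: "success", 32: "noSuchObject", 34: "invalidDNSyntax",
                49: "invalidCredentials", 53: "unwillingToPerform"}


def ber_len(n: int) -> bytes:
    """BER definite length: one byte below 128, else 0x80|count followed by the bytes."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag: int, value: bytes) -> bytes:
    """One BER tag-length-value element."""
    return bytes([tag]) + ber_len(len(value)) + value


def ber_int(n: int) -> bytes:
    """INTEGER contents for n >= 0 (adds a leading 0x00 when the top bit is set)."""
    return n.to_bytes((n.bit_length() + 8) // 8, "big", signed=True)


def bind_request(message_id: int, bind_dn: str, password: str) -> bytes:
    """LDAPMessage { messageID, BindRequest { version 3, name, simple password } }.
    The name is an opaque OCTET STRING, so a UPN and a full DN encode the same way.
    The password is a [0] OCTET STRING with no protection of its own."""
    bind = tlv(0x60,                                 # [APPLICATION 0] BindRequest
               tlv(0x02, ber_int(3)) +               # version INTEGER 3
               tlv(0x04, bind_dn.encode("utf-8")) +  # name (Bind DN or UPN)
               tlv(0x80, password.encode("utf-8")))  # authentication: [0] simple
    return tlv(0x30, tlv(0x02, ber_int(message_id)) + bind)  # outer SEQUENCE


def ports_consistent(port: int, use_ssl: bool) -> bool:
    """Step 8 caveat: the SSL check box and the port must agree on the defaults."""
    if use_ssl and port == LDAP_PORT:
        return False
    if not use_ssl and port == LDAPS_PORT:
        return False
    return True


def _read_tlv(buf: bytes, pos: int):
    """Decode the TLV at pos; returns (tag, contents, position after it)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length


def _frame_size(buf: bytes) -> int:
    """Total size of the outer TLV; a huge value until its header has arrived."""
    length, hdr = buf[1], 2
    if length & 0x80:
        n = length & 0x7F
        if len(buf) < 2 + n:
            return 1 << 31
        length, hdr = int.from_bytes(buf[2:2 + n], "big"), 2 + n
    return hdr + length


def parse_bind_response(frame: bytes) -> dict:
    """Decode LDAPMessage { messageID, BindResponse [APPLICATION 1] {
    resultCode ENUMERATED, matchedDN, diagnosticMessage } }."""
    tag, msg, _ = _read_tlv(frame, 0)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage")
    _, mid, pos = _read_tlv(msg, 0)
    tag, op, _ = _read_tlv(msg, pos)
    if tag != 0x61:
        raise ValueError("not a BindResponse, tag 0x%02x" % tag)
    _, code, pos = _read_tlv(op, 0)
    _, matched, pos = _read_tlv(op, pos)
    _, diag, _ = _read_tlv(op, pos)
    rc = int.from_bytes(code, "big")
    return {"message_id": int.from_bytes(mid, "big"), "result_code": rc,
            "result": RESULT_CODES.get(rc, "code %d" % rc),
            "matched_dn": matched.decode("utf-8", "replace"),
            "diagnostic": diag.decode("utf-8", "replace")}


def probe_bind(host: str, port: int, bind_dn: str, password: str, use_ssl: bool,
               timeout: float = 5.0) -> dict:
    """Connect as the profile describes and perform one simple bind. With use_ssl
    the socket is wrapped in TLS with chain and hostname verification, so an
    untrusted certificate fails here instead of receiving the password."""
    if not ports_consistent(port, use_ssl):
        raise ValueError("SSL setting and port disagree (389 = LDAP, 636 = LDAP over SSL)")
    sock = socket.create_connection((host, port), timeout=timeout)
    if use_ssl:
        sock = ssl.create_default_context().wrap_socket(sock, server_hostname=host)
    with sock:
        sock.sendall(bind_request(1, bind_dn, password))
        data = b""
        while len(data) < 2 or len(data) < _frame_size(data):
            chunk = sock.recv(4096)
            if not chunk:
                raise ConnectionError("server closed the connection before replying")
            data += chunk
    return parse_bind_response(data)


if __name__ == "__main__":
    # Placeholder values; substitute the profile's own before calling probe_bind().
    frame = bind_request(1, "administrator@acme.local", "s3cret")
    print("BindRequest on the wire:", frame.hex())
    print("password visible in clear:", b"s3cret" in frame)  # what port 389 exposes
    # Constructed BindResponse for a wrong password (resultCode 49), decoded locally.
    resp = tlv(0x30, tlv(0x02, ber_int(1)) + tlv(0x61, tlv(0x0A, b"\x31") +
               tlv(0x04, b"") + tlv(0x04, b"invalid credentials")))
    print(parse_bind_response(resp))
```

To check a real profile, call probe_bind() once with the values you intend to enter, for example probe_bind("ldap1.acme.local", 636, "cn=svc-msm,cn=users,dc=acme,dc=local", password, use_ssl=True): a result of 0 confirms the Bind DN, password, server and port; 49 means the credentials are wrong; a TLS error means the certificate the directory presents is not trusted by the machine running the check, which is worth resolving before the Mobile Security Manager is pointed at it.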