Users Guide
• Manual: In the Method box, enter the FQDN or the IP address of the domain controller. For multiple servers, use a comma
separated list.
c) Enter the LDAP Binder Distinguished Name (DN) and password.
3. In the Advanced Options section:
a) By default, LDAP port number of 636 is populated. To change, enter a port number.
b) To match the LDAP configuration on the server, enter the group base DN to search for.
c) Enter the user attribute to search for. If it is not configured, use UID. It is recommended that this is unique within the selected
Base DN. Else, configure a search filter to ensure that it is unique. If the user DN cannot be uniquely identified by the search
combination of attribute and search filter, the login operation fails.
d) In the Attribute of Group Membership box, enter the attribute that stores the groups and member information in the directory.
e) Enter the network timeout and search timeout duration in seconds.
f) To upload an SSL certificate, select Certificate Validation and click Select a file.
The Test connection tab is enabled.
4. Click Test connection.
5. In the dialog box, enter the username and password of the domain to be connected to.
6. Click Test connection.
In the Directory Service Information dialog box, a message is displayed to indicate successful connection.
7. Click Ok.
8. Click Finish.
A job is created and run to add the requested directory in the Directory Services list.
1. In the DIRECTORY NAME column, select the directory. The Directory Service properties are displayed in the right pane.
2. Click Edit.
3. In the Connect to Directory Service dialog box, edit the data and click Finish. The data is updated and saved.
Set the login security properties
NOTE:
To perform any tasks on OpenManage Enterprise, you must have necessary user privileges. See Role-based
OpenManage Enterprise user privileges.
NOTE: AD and LDAP directory users can be imported and assigned one of the OpenManage Enterprise roles (Admin,
DeviceManager, or Viewer). The Single-Sign-On (SSO) feature stops at login to the console. Actions run on the devices
require a privileged account on the device.
By clicking OpenManage Enterprise > Application Settings > Security, you can secure your OpenManage Enterprise either by
specifying login IP range or login lockout policy.
• Expand Login IP Range:
1. To specify the IP address range that must be allowed to access OpenManage Enterprise, select the Enable IP Range check box.
2. In the IP Range Address (CIDR) box, enter the range of IP addresses separated by a comma.
3. Click Apply. To reset to default properties, click Discard.
• Expand Login Lockout Policy :
1. Select the By User Name check box to prevent a specific user name from logging in to OpenManage Enterprise.
2. Select the By IP address check box to prevent a specific IP address from logging in to OpenManage Enterprise.
3. In the Lockout Fail Count box, enter the number of unsuccessful attempts after which OpenManage Enterprise must prevent
the user from further logging in. By default, 3 attempts.
4. In the Lockout Fail Window box, enter the duration for which OpenManage Enterprise must display information about a failed
attempt.
5. In the Lockout Penalty Time box, enter the duration for which the user is prevented from making any login attempt after multiple
unsuccessful attempts.
6. Click Apply. To reset the settings to default attributes, click Discard.
Related reference
Security Certificates
Managing OpenManage Enterprise appliance settings
101