Installation guide
Trend Micro™ InterScan™ Web Security Virtual Appliance 6.5 Installation Guide
Integration with LDAP
Support Multiple Domains for Multiple LDAP Servers
IWSVA has an LDAP module that allows communication with multiple LDAP servers
with the ability to establish multidomain trees and forest-like environments.
IWSVA LDAP integration supports multiple domains and multiple LDAP servers.
To configure the LDAP function at the IWSVA Web console:
1. Go to Administration > IWSVA Configuration > User Identification > User
Identification.
2. Input the necessary information for the LDAP connection.
3. Click Test Connection to verify the LDAP configuration and connectivity. A
success message will appear if the test is successful.
4. Click Save to save the configuration.
Note: Before configuring LDAP, make sure the LDAP domain name is resolvable by the
IWSVA DNS.
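
A pre-flight check for the note above, as an added example that is not part of the Trend Micro guide: it resolves the LDAP domain name and tests which of the resolved hosts accept TCP connections on the LDAP ports. It assumes it is run from a host that uses the same DNS servers as IWSVA; port 389 (standard LDAP) and the domain corp.example.com are assumptions, and 3268 is the Global Catalog port this guide names.

```python
import socket
import sys

# Assumed ports: 389 is the standard LDAP port; 3268 is the Global Catalog
# port named in the guide. Adjust to match the directory being configured.
LDAP_PORTS = (389, 3268)

def resolve(domain, resolver=socket.getaddrinfo):
    """Return the sorted addresses the local DNS resolver gives for domain."""
    try:
        infos = resolver(domain, None, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return []  # the name does not resolve through this host's DNS
    return sorted({info[4][0] for info in infos})

def port_open(addr, port, timeout=3.0):
    """True if a TCP connection to addr:port completes within timeout."""
    try:
        with socket.create_connection((addr, port), timeout=timeout):
            return True
    except OSError:
        return False

def preflight(domain, ports=LDAP_PORTS, resolver=socket.getaddrinfo):
    """Resolve domain, then record which resolved hosts answer on each port.

    An AD domain name may resolve to several domain controllers and only
    some of them may hold the Global Catalog, so a port passes when at
    least one resolved address accepts the connection.
    """
    addrs = resolve(domain, resolver)
    listeners = {p: [a for a in addrs if port_open(a, p)] for p in ports}
    ok = bool(addrs) and all(listeners[p] for p in ports)
    return {"domain": domain, "resolved": addrs, "listeners": listeners, "ok": ok}

if __name__ == "__main__":
    # corp.example.com is a placeholder; pass the real LDAP domain name.
    report = preflight(sys.argv[1] if len(sys.argv) > 1 else "corp.example.com")
    print("resolved:", ", ".join(report["resolved"]) or "NOT RESOLVABLE")
    for port, hosts in report["listeners"].items():
        print(f"port {port}:", ", ".join(hosts) or "no listener reached")
    sys.exit(0 if report["ok"] else 1)
```

A non-zero exit status means the name did not resolve or one of the ports had no reachable listener, which is worth fixing before using Test Connection in the Web console.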
Two authentication methods are provided for user authentication. Standard
authentication presents a standard 401 or 407 authentication dialog box in which
the user specifies the user account and password. If the client machine is a
Windows desktop in the Microsoft Active Directory domain, transparent
authentication will be applied. Captive Portal shows a Web-based authentication
page for user identification. Guest policy is applicable with Captive Portal
authentication. Cookie mode, added in IWSVA 6.5 and available only with Captive
Portal, addresses user identification in NAT and terminal server environments.
The Windows Active Directory (AD) Global Catalog enables LDAP clients, such as
IWSVA, to query objects native to the domain being queried, and those residing in
remote domains, as long as the AD server being queried and the remote AD server have
Global Catalog enabled. The Global Catalog server accepts the LDAP requests on port
3268 and allows querying the user credentials, full name and membership in the global
and universal groups across all other domains in the forest. The use of the Global