Quick Reference Guide
158 | Chapter 5. Managing Users, Groups, and Authentication
ProSecure Web/Email Security Threat Management (STM) Appliance
How an Active Directory Works
Understanding how a typical Active Directory (AD) works might be of help when you are
specifying the settings for the LDAP and Active Directory domains on the STM.
The following applies to a typical AD:
• Organizational unit (OU), common name (CN), and domain component (DC) entries can all be
used to build a search base in the AD. The following applies to the OU and CN
containers:
- An AD administrator can create OUs but cannot create CN containers; the CN containers
(for example, cn=Users) are built into the AD server.
- An AD administrator can apply a Group Policy Object (GPO) to an OU but not to a CN container.
• An OU is created under the root node of the hierarchy (for example, dc=companyname,dc=com).
In a company AD, an OU often represents a regional office or a department.
• By default, a group is created under cn=Users.
• A user is created under an OU so that the user appears at the logical position in the tree
of the AD server.
• The relationship between a group and its users is recorded in attributes (by default, member
on the group and memberOf on the user). These attributes appear in a lookup result.
The following is an example of how to set the search base:
If a company AD server has both a “cn=users” container and an “ou=companyname” container
under “dc=companyname,dc=com,” the search base needs to be set to “dc=companyname,dc=com”
so that the STM searches both the users (under the OU) and the groups (under cn=users).
If the server’s size limit is exceeded, so that a lookup under “dc=companyname,dc=com” returns
only part of the entries, a user can still be authenticated correctly. However, to prevent the
size limit from being exceeded, an AD administrator needs to set a larger size limit in the LDAP
server configuration so that the entire list of users and groups is returned in the lookup result.
Another workaround is to use a specific name or a name with a wildcard in the lookup, so that
only a subset of the entire list is returned in the lookup result.
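The following is an added example, not NETGEAR code and not the STM’s implementation: a small in-memory Python model of the lookup behaviour described above. The directory entries, the account names (Jamie Hanson, Alex Chen, the Sales and Engineering groups), and the size limit of 2 are constructed assumptions. It shows why the search base has to cover both cn=Users and the OU for groups to appear in a lookup, what a result cut short by the size limit looks like, that the user’s memberOf attribute still identifies the group in that case, and how a name or wildcard lookup stays under the limit.

```python
"""Added example, not NETGEAR code: an in-memory model of how the AD search
base, the server size limit and the member/memberOf attributes interact in a
user/group lookup. Every entry below is constructed sample data."""

from fnmatch import fnmatchcase
from typing import Callable, Dict, List, Optional, Tuple

Entry = Dict[str, List[str]]

# Constructed directory laid out as the manual describes: users under an OU,
# groups under cn=Users, both beneath the root dc=companyname,dc=com.
DIRECTORY: Dict[str, Entry] = {
    "cn=Jamie Hanson,ou=companyname,dc=companyname,dc=com": {
        "objectClass": ["user"], "sAMAccountName": ["jhanson"],
        "memberOf": ["cn=Sales,cn=Users,dc=companyname,dc=com"]},
    "cn=Alex Chen,ou=companyname,dc=companyname,dc=com": {
        "objectClass": ["user"], "sAMAccountName": ["achen"],
        "memberOf": ["cn=Engineering,cn=Users,dc=companyname,dc=com"]},
    "cn=Sales,cn=Users,dc=companyname,dc=com": {
        "objectClass": ["group"],
        "member": ["cn=Jamie Hanson,ou=companyname,dc=companyname,dc=com"]},
    "cn=Engineering,cn=Users,dc=companyname,dc=com": {
        "objectClass": ["group"],
        "member": ["cn=Alex Chen,ou=companyname,dc=companyname,dc=com"]},
}


def parse_dn(dn: str) -> List[Tuple[str, str]]:
    """Split a DN into (attribute, value) RDNs, honouring backslash-escaped
    commas, and normalise case and whitespace so DNs can be compared."""
    parts, buf, i = [], "", 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            buf += dn[i + 1]            # escaped character, taken literally
            i += 2
            continue
        if dn[i] == ",":
            parts.append(buf)
            buf = ""
        else:
            buf += dn[i]
        i += 1
    parts.append(buf)
    rdns = []
    for part in parts:
        attr, _, value = part.partition("=")
        rdns.append((attr.strip().lower(), value.strip().lower()))
    return rdns


def norm(dn: str) -> str:
    """Canonical string form of a DN, used as a comparison key."""
    return ",".join(f"{a}={v}" for a, v in parse_dn(dn))


def is_under(dn: str, base: str) -> bool:
    """Subtree scope: an entry is in scope if its trailing RDNs equal the base."""
    d, b = parse_dn(dn), parse_dn(base)
    return len(d) >= len(b) and d[len(d) - len(b):] == b


def search(base: str,
           predicate: Callable[[str, Entry], bool] = lambda dn, e: True,
           size_limit: Optional[int] = None) -> Tuple[Dict[str, Entry], bool]:
    """Return in-scope entries matching `predicate`. When the server-side size
    limit is exceeded the result is cut short and the second value is True,
    mirroring LDAP's sizeLimitExceeded (result code 4) with partial results."""
    hits = {dn: e for dn, e in DIRECTORY.items()
            if is_under(dn, base) and predicate(dn, e)}
    if size_limit is not None and len(hits) > size_limit:
        return dict(list(hits.items())[:size_limit]), True
    return hits, False


def by_cn(pattern: str) -> Callable[[str, Entry], bool]:
    """Predicate matching the entry's own name (leftmost RDN) against a
    specific name or a wildcard such as 'jamie*', case-insensitively."""
    return lambda dn, e: fnmatchcase(parse_dn(dn)[0][1], pattern.lower())


def groups_of(user_dn: str, lookup: Dict[str, Entry]) -> set:
    """Resolve membership from both directions of the relationship: the user's
    memberOf values and the member values of group entries actually returned."""
    groups = set()
    user = lookup.get(user_dn)
    if user is not None:
        groups.update(norm(g) for g in user.get("memberOf", []))
    for dn, e in lookup.items():
        if "group" in e.get("objectClass", []) and any(
                norm(m) == norm(user_dn) for m in e.get("member", [])):
            groups.add(norm(dn))
    return groups


def group_entries(lookup: Dict[str, Entry]) -> List[str]:
    """Group objects present in a lookup result (what can be offered for
    group-based policy)."""
    return sorted(norm(dn) for dn, e in lookup.items()
                  if "group" in e.get("objectClass", []))


def demo() -> dict:
    jamie = "cn=Jamie Hanson,ou=companyname,dc=companyname,dc=com"
    narrow, _ = search("ou=companyname,dc=companyname,dc=com")   # OU only
    root, _ = search("dc=companyname,dc=com")                    # both containers
    partial, truncated = search("dc=companyname,dc=com", size_limit=2)
    one, one_truncated = search("dc=companyname,dc=com", by_cn("jamie*"), 2)
    return {
        "groups_seen_narrow": group_entries(narrow),        # cn=Users out of scope
        "groups_seen_root": group_entries(root),            # both groups visible
        "truncated": truncated,                             # size limit of 2 hit
        "jamie_groups_partial": groups_of(jamie, partial),  # via memberOf alone
        "wildcard_found": list(one), "wildcard_truncated": one_truncated,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Run it as a script to see the four cases side by side; the narrow base returns no group objects at all, which is why an STM group policy cannot be built from it even though the user entries are present.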
How to Bind a Distinguished Name in an LDAP Configuration
Understanding how to bind a distinguished name (DN) in an LDAP configuration might be of
help when you are specifying the settings for the LDAP and Active Directory domains on the
STM.
To bind the user Jamie Hanson to the LDAP server:
Note: In this example, the LDAP domain name is ABC.com, and the LDAP
server has the IP address 192.168.35.115 on port 389.
1. On a computer that has access to the Active Directory (AD), open Active Directory
Users and Computers.
2. Select the user Jamie Hanson.