Quick Reference Guide

Chapter 5. Managing Users, Groups, and Authentication
ProSecure Web/Email Security Threat Management (STM) Appliance
3. Click Test to verify that the LDAP server can function with the LDAP settings that
you have specified. The automated test procedure checks the connection to the LDAP
server, the bind DN, and the bind password. If any settings require changes, you are notified
at the end of the automated test procedure.
Note: If the automated test procedure returns the message “LDAP server
test passed but size limit exceeded,” only a limited number of entries
(for example, 1000) was returned when the LDAP server was
queried. To ensure that the lookup results include all users and
groups, set larger size-limit values on the LDAP server. Another workaround is
to use a specific search name or a name with a wildcard in the
lookup process, so that only a subset of the entire list is returned in the
lookup result.
4. Click Add to save your settings. The LDAP or Active Directory domain and server are added
to the List of LDAP table.
To delete a domain and server from the List of LDAP table, click the Delete table button in the
Action column for the domain and server that you want to delete.
WARNING!
After their sessions have expired, users can no longer log in to the
STM if the domain that has been assigned to them is the domain
that you deleted.
Table 47. LDAP Settings (Continued)

Setting: Group Members Attribute
Description: This field is optional. The attribute that is used to identify the members of a group.
  For an Active Directory, enter member.
  For OpenLDAP, you can enter a customized attribute to identify the members of a group.

Setting: Additional Filter
Description: This field is optional. A filter that is used when searching the LDAP server for matching
  entries while excluding others. (Use the format described by RFC 2254.)
  The following search term examples match users only:
  Active Directory: objectClass=user
  OpenLDAP: objectClass=posixAccount
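
The following is an added example, not taken from the STM documentation or firmware. It shows how the users-only Additional Filter terms above can be combined with the wildcard name lookup suggested in the size-limit Note, with RFC 2254 escaping applied to the typed name. The name attributes (sAMAccountName, uid) and the sample lookup names are assumptions chosen for illustration.

```python
# Added example: build RFC 2254 search filters that AND the page's
# users-only "Additional Filter" terms with a wildcard name lookup.
# Assumptions: the name attributes and sample names are constructed for
# illustration; the STM's own query construction is not documented here.

# Characters RFC 2254 requires to be escaped inside an assertion value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

USERS_ONLY = {
    "Active Directory": "objectClass=user",
    "OpenLDAP": "objectClass=posixAccount",
}
NAME_ATTR = {"Active Directory": "sAMAccountName", "OpenLDAP": "uid"}  # assumed


def escape_value(value: str) -> str:
    """Escape a literal string for use as an RFC 2254 assertion value."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def name_pattern(lookup: str) -> str:
    """Escape a lookup name but keep '*' as the wildcard the Note suggests."""
    return "*".join(escape_value(part) for part in lookup.split("*"))


def build_filter(directory: str, lookup: str) -> str:
    """AND the users-only term with a (possibly wildcarded) name match."""
    pattern = name_pattern(lookup)
    # A pattern made only of wildcards matches every entry and would run
    # into the server's size limit again, so it is rejected.
    if pattern.strip("*") == "":
        raise ValueError("lookup must contain at least one literal character")
    return f"(&({USERS_ONLY[directory]})({NAME_ATTR[directory]}={pattern}))"


if __name__ == "__main__":
    for directory, lookup in [
        ("Active Directory", "jsm*"),      # constructed sample name
        ("OpenLDAP", "ops(night)*"),       # parentheses must be escaped
    ]:
        print(directory, "->", build_filter(directory, lookup))
```

Escaping the parentheses, backslash, and literal asterisk keeps a typed name from changing the structure of the filter that is sent to the directory.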