Citrix Systems CITRIX NETSCALER 9.3 User Manual

8. To retrieve additional LDAP settings automatically, click Retrieve Attributes. The
fields under Other Settings then populate automatically. If you do not want to do
this, skip to Step 12.
9. Under Other Settings, in Server Logon Name Attribute, type the attribute under
which the NetScaler should look for user logon names for the LDAP server that you
are configuring. The default is samAccountName.
10. In Group Attribute, leave the default memberOf for Active Directory or change it
to that of the LDAP server type you are using. This attribute enables the NetScaler
to obtain the groups associated with a user during authorization.
11. In Security Type, select the security type.
If you select PLAINTEXT or TLS for security, use port number 389. If you select
SSL, use port number 636.
12. To allow users to change their LDAP password, select Allow Password Change.
If you select PLAINTEXT as the security type, allowing users to change their
passwords is not supported.
13. Click Create.
14. In the Create Authentication Policy dialog box, next to Named Expressions,
select the expression, click Add Expression, click Create, and click Close.
After the LDAP server settings are configured on the NetScaler, bind the policy to the
system global entity. For more information about binding authentication policies
globally, see on page 45.
Determining attributes in the LDAP directory
If you need help determining your LDAP directory attributes, you can easily look them
up with the free LDAP browser from Softerra.
You can download the LDAP browser from the Softerra LDAP Administrator Web site at 
. After the browser is installed, set the following attributes:
• The host name or IP address of your LDAP server.
• The port of your LDAP server. The default is 389.
• The base DN field can be left blank.
• The information provided by the LDAP browser can help you determine the base DN
needed for the Authentication tab.
• The Anonymous Bind check determines whether the LDAP server requires user
credentials for the browser to connect to it. If the LDAP server requires credentials,
leave the check box cleared.
After completing the settings, the LDAP browser displays the profile name in the left
pane and connects to the LDAP server.
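
The following is an added example, not part of the Citrix guide: a parser for an LDIF export of one user entry that shows where the logon name attribute, the group attribute, and a candidate base DN appear in directory data. The entry and all its values are constructed, and the function names are hypothetical; it assumes your directory tool can export an entry as LDIF.

```python
import base64
import re

# Constructed sample: LDIF export of one Active Directory user (all values made up).
SAMPLE_LDIF = """\
dn: CN=Alice Example,OU=Staff,DC=corp,DC=example,DC=com
sAMAccountName: aexample
memberOf: CN=VPN Users,OU=Groups,DC=corp,DC=example,DC=com
memberOf: CN=NetScaler Admins,OU=Groups,DC=corp,
 DC=example,DC=com
description:: UmVtb3RlIGFjY2VzcyB1c2Vy
"""

def parse_ldif_entry(text):
    """Parse one LDIF entry into {lowercased attribute name: [values]}."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:      # folded line: continue the previous one
            lines[-1] += raw[1:]
        elif raw.strip() and not raw.startswith("#"):
            lines.append(raw)
    entry = {}
    for line in lines:
        name, _, rest = line.partition(":")
        if rest.startswith(":"):               # "attr:: value" is base64-encoded
            value = base64.b64decode(rest[1:].strip()).decode("utf-8")
        else:
            value = rest.strip()
        # LDAP attribute names are case-insensitive, so samAccountName
        # in the settings matches sAMAccountName in the directory.
        entry.setdefault(name.lower(), []).append(value)
    return entry

def split_dn(dn):
    """Split a DN into RDNs, honouring backslash-escaped commas."""
    return [rdn.strip() for rdn in re.split(r"(?<!\\),", dn)]

def summarize(entry, login_attr="samAccountName", group_attr="memberOf"):
    """Collect the values stored under the logon-name and group attributes."""
    rdns = split_dn(entry["dn"][0])
    return {
        "login_name": entry.get(login_attr.lower(), [None])[0],
        # Short group name: value of the first RDN of each group DN.
        "groups": [split_dn(g)[0].partition("=")[2]
                   for g in entry.get(group_attr.lower(), [])],
        # Candidate base DN: the DC= components of the user's DN.
        "base_dn": ",".join(r for r in rdns if r.upper().startswith("DC=")),
    }

if __name__ == "__main__":
    print(summarize(parse_ldif_entry(SAMPLE_LDIF)))
```

If `login_name` comes back as `None` for a real entry, the directory stores logon names under a different attribute than the one entered in Server Logon Name Attribute.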
Citrix NetScaler Administration Guide