Active Directory Integration
AD authentication is configured in the Console Administrator Tool.
If you would like to integrate the Console with Active Directory, you will need a service account with the “Read all properties” or “Read MemberOf” permission on your forest (depending on AD version). This is generally not the standard permission of a service account, so it needs to be manually set by an administrator. You will also need access to the password for this service account during the initial Active Directory integration activities.
Please follow the instructions in the following user guide:
You will need to save the settings after you enter an AD DC in the server setting and enable AD authentication at the top of the CAT screen, then use the Test button to test whether it is connecting to AD. To start with, do not enter any LDAP search paths, so you can ensure it is not the search path you enter that is causing an issue.
You would not enable AD authentication until you have the connection to AD configured and tested; then you would enable it and change the admin user to a valid user you tested with the Test dialog. That admin user is what you will log into the Console with.
If you are having issues and you have entered an LDAP path, please remove the LDAP paths and save the settings, then try logging into the Console with the AD user you have set as the Admin user in the CAT. Once you have that working, you can try adding LDAP paths if you wish. The only AD user able to log into the Console is the one entered as the Admin user in the CAT, until you give other AD users a Role in the Console.
Please use the Test button and select only Test LDAP objects retrieval, but do not enter a path in that test. If it retrieves the AD structure, that indicates it is communicating with AD.
If the Spirion Console is going to utilize Active Directory / LDAP, the IIS Console Server will require the ability to read LDAP from a DC/LDAP server on TCP 389 & TCP 3268 (TCP 636 & TCP 3269 for SSL).
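To confirm the port requirement above from the IIS Console server itself, the following PowerShell is an added example and is not part of the Spirion documentation. The server name `dc01.example.internal` is a placeholder and `Test-LdapPort` is a hypothetical helper name; the script attempts a TCP connection on each of the four ports and, on the SSL ports, a TLS handshake with default certificate validation.

```powershell
# Added example. Run on the IIS Console server; replace the placeholder server name.
$DomainController = 'dc01.example.internal'   # placeholder DC/LDAP server

# Ports from the requirement above; Tls marks the SSL variants.
$checks = @(
    @{ Port = 389;  Tls = $false },
    @{ Port = 3268; Tls = $false },
    @{ Port = 636;  Tls = $true  },
    @{ Port = 3269; Tls = $true  }
)

function Test-LdapPort {   # hypothetical helper name
    param([string]$Server, [int]$Port, [bool]$Tls, [int]$TimeoutMs = 3000)

    $r = [ordered]@{ Port = $Port; TcpOpen = $false; TlsOk = $null
                     CertSubject = $null; CertExpires = $null; Error = $null }
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        # Bounded wait instead of the OS default connect timeout.
        if (-not $client.ConnectAsync($Server, $Port).Wait($TimeoutMs)) {
            throw "TCP connect timed out after $TimeoutMs ms"
        }
        $r.TcpOpen = $true
        if ($Tls) {
            # Default validation: fails if this server does not trust the
            # DC certificate or the certificate name does not match $Server.
            $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false)
            try {
                $ssl.AuthenticateAsClient($Server)
                $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
                $r.TlsOk = $true
                $r.CertSubject = $cert.Subject
                $r.CertExpires = $cert.NotAfter
            } finally { $ssl.Dispose() }
        }
    } catch {
        if ($Tls -and $r.TcpOpen) { $r.TlsOk = $false }
        $r.Error = $_.Exception.GetBaseException().Message
    } finally {
        $client.Close()
    }
    [pscustomobject]$r
}

$checks | ForEach-Object { Test-LdapPort -Server $DomainController -Port $_.Port -Tls $_.Tls } |
    Format-Table -AutoSize
```

A row with TcpOpen False points to a firewall or routing problem between the Console server and the DC; TcpOpen True with TlsOk False points to a certificate trust or name mismatch on the SSL ports.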
AD Auto Roles
Auto Roles are Roles that automatically have AD Users added to them or removed from them.
If you would like to use Auto Roles, you need to enable the following setting in the CAT:
- Allow Auto-Roles - Enable AD User Authentication must be checked before you can enable this option. If enabled, Allow Auto-Roles will synchronize users with roles. This information is from the following linked user guide page: http://my.spirion.com/Help/EnterpriseConsole/index.htm#3382.htm
When creating the Role, add the LDAP path for the Role as explained in the following linked article: http://my.spirion.com/Help/EnterpriseConsole/index.htm#3458.htm
When creating any Role, please ensure the Role has the appropriate General Permissions and Tag Permissions.