CSSCurrent en:LDAP

Aus Cryptshare Documentation
Wechseln zu:Navigation, Suche

If the users within your network are managed through an LDAP Server such as Microsoft Active Directory, it is possible to use LDAP groups and users to define the senders and recipients in Policy Rules (see Policy Settings).

Configuring an LDAP Server for Cryptshare

The LDAP Server configuration consists of two steps. The first step is for establishing the connection to the LDAP Server. The second step tells the Cryptshare Server which LDAP attributes contain the email addresses of individual users. This step is only available if the LDAP connection is successfully established and settings have been saved.

Step 1: LDAP Server Connection

Depending on what type of LDAP Server you are using, you'll first have to select the LDAP Server type. Currently there are three supported types:

Server Type Group Objectclass User Objectclass
Microsoft AD group person
IBM Domino dominoGroup dominoPerson
OpenLDAP groupOfNames inetOrgPerson
Please be sure to select the correct Server Type. If the wrong type has been selected, Cryptshare cannot find the LDAP users and Policy Rules will not match.

Continue by configuring the remaining connection settings. Depending on how your LDAP Server is set up you may be required to use the secure connection setting: 12 LDAP-Einstellungen 1 EN.png

You may also be required to provide 'Bind DN' credentials (User credentials) in order to be able to connect to your LDAP Server. Enter the Username (the NETBIOS/Windows Server 2012 variant) and the password of a User, who is allowed to ask LDAP:

Please note that the connection check cannot identify if the directory type has been set correctly.

12 LDAP-Einstellungen 2 EN.png

Use the 'Check Connection' button to find out whether your settings are correct and if a connection can be established. If no connection can be established, a respective error message will appear. Along with the error message a more detailed log entry will give more precise information about this error together with an LDAP 'ResultCode'. The result code is a standardized LDAP result code. For more information on single LDAP result codes please refer to the following links:

12 LDAP-Einstellungen 3 EN.png

Step 2: LDAP Attribute Selection

After successfully configuring the LDAP connection settings, section 2 for the LDAP settings will appear and offer a visual interface for selecting the LDAP Attributes containing the email addresses of individual LDAP users.

As long as no email attributes have been selected, Cryptshare is unable to determine the email addresses of the LDAP users and Policy Rules cannot match

On the left hand side an LDAP Tree containing all LDAP entries is shown. Select a user entry by clicking on it. While hovering with the mouse above single entries, a popup will occur showing the LDAP attribute values for this entry:

When selecting an entry, an additional view will appear on the right side showing the LDAP attribute names and corresponding values. If you have selected an LDAP user entry, you can now go on and select those LDAP entries containing the email addresses of users. Finish the configuration by clicking the 'Save' button. Cryptshare is now ready for setting up LDAP-based Policy Rules (see Policy Settings). 12 LDAP-Einstellungen 4 EN.png