Mapping AD to authentication manager
We are deploying RSA AM and mapping AD to it. Can anyone tell us what we should put in the following while mapping the AD?
In the Directory Connection - Primary section, do the following:
- Enter the requested information in the following fields.
  - Directory URL
  - Directory Failover URL
  - Directory User ID
  - Directory Password
What will be the format of the Directory URL?
Accepted Solutions
ETA: I moved your post to the SecurID Access discussions space where it will be seen by customers, partners and our support team. Be sure to bookmark the page and come back often to see new content and ask questions.
The directory URL is the URL of the new identity source. If you use the standard SSL-LDAP port 636, specify the value as ldaps://hostname/; for example, ldap://2k12-dc1.2k12-vcloud.local. To use a non-standard port, you must specify the port number, for example, ldap://2k12-dc1.2k12-vcloud.local:6636.
The optional directory failover URL is used if the connection with the primary directory server fails. The failover directory server must be a mirror of the primary directory server.
The directory user ID is the LDAP directory administrator's User ID. For example, you might enter cn=administrator,cn=Users,dc=2k12-vcloud,dc=local or administrator@2k12-vcloud.local
Directory Password. The LDAP directory administrator's password for the user defined above. Note that if this user's password is changed in AD and not updated in the Operations Console, connectivity will fail.
Here is a screen shot from my lab showing how I connect to our lab identity source named 2k12-dc1.2k12-vcloud.local:
Best regards,
Erica
The User ID can be one of 4 formats, and there is no consistency in my experience. It can be UPN, sAMAccountName, or x.400. Just keep trying until you get a hit:
username
domain\username
cn=username,dc=domain,dc=tld
Thanks everyone. I was missing ldap:// before the user directory ID.
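A pre-flight check for the Directory URL and Directory User ID values discussed in this thread, as an added example (not part of any post above and not RSA code). The function names are hypothetical, the sample values are the lab names quoted in the replies, and the port-mismatch finding is a heuristic assumption.

```python
import re
from urllib.parse import urlsplit

DEFAULT_PORTS = {"ldap": 389, "ldaps": 636}  # standard LDAP and LDAP-over-TLS ports

def check_directory_url(value):
    """Parse a Directory URL field value; return (scheme, host, port, findings)."""
    try:
        parts = urlsplit(value.strip())
        scheme, host, port = parts.scheme.lower(), parts.hostname, parts.port
    except ValueError:
        return None, None, None, ["malformed URL or port"]
    if scheme not in DEFAULT_PORTS or not host:
        # The mistake reported at the end of the thread: a bare host name.
        return None, None, None, ["no ldap:// or ldaps:// scheme in front of the host name"]
    port = port or DEFAULT_PORTS[scheme]
    findings = []
    if scheme == "ldap":
        findings.append("ldap:// is not TLS-protected; a simple bind sends the password in cleartext")
    other = "ldaps" if scheme == "ldap" else "ldap"
    if port == DEFAULT_PORTS[other]:
        # Heuristic: a scheme paired with the other scheme's default port is usually a typo.
        findings.append(f"port {port} is the default for {other}://, not {scheme}://")
    return scheme, host, port, findings

def classify_bind_id(value):
    """Name the format of a Directory User ID value (the four forms listed in the thread)."""
    v = value.strip()
    if re.fullmatch(r"[A-Za-z]+=[^,]+(,\s*[A-Za-z]+=[^,]+)*", v):
        return "dn"                # cn=administrator,cn=Users,dc=...,dc=...
    if re.fullmatch(r"[^@\\\s]+@[^@\\\s]+\.[^@\\\s]+", v):
        return "upn"               # administrator@2k12-vcloud.local
    if re.fullmatch(r"[^\\/@\s]+\\[^\\/@\s]+", v):
        return "down-level"        # domain\username
    if re.fullmatch(r"[^\\/@=,\s]+", v):
        return "samaccountname"    # username
    return "unknown"

if __name__ == "__main__":
    # Constructed inputs built from the lab host name quoted in the accepted answer.
    for url in ("ldaps://2k12-dc1.2k12-vcloud.local/",
                "ldap://2k12-dc1.2k12-vcloud.local:6636",
                "2k12-dc1.2k12-vcloud.local"):
        print(url, "->", check_directory_url(url))
    for uid in ("cn=administrator,cn=Users,dc=2k12-vcloud,dc=local",
                "administrator@2k12-vcloud.local", "domain\\username", "username"):
        print(uid, "->", classify_bind_id(uid))
```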
