Introduction : Active Directory can be added as an authentication source to authenticate users with Captive Portal or 802.1X (dot1x), and in the TACACS+ service to authenticate users on network devices, including ClearPass and AirWave.
Note: If EAP-PEAP with MSCHAPv2 will be used, then CPPM will need to be joined to the domain as well.
Please refer to https://na2.salesforce.com/knowledge/publishing/articlePreview.apexp?id=kA340000000GqcP for details about this.
Environment : This article is written on CPPM 6.x
Configuration Steps : How to find the Bind DN for a user in Active Directory.
1: C:\Users\Administrator>dsquery user
This will return the bind DN for each user.
We can use any bind DN based on the privileges we need.
Configuration on CPPM.
Navigate to Configuration – Authentication – Sources and click "Add Authentication Source".
Fill in the details below and hit "Next".
Fill in the details below:
Hostname : Provide the IP or the Hostname of the AD server.
Connection Security : Choose the required option from the drop-down.
Port : 389 by default.
Verify Server Certificate : This option does not need to be enabled if the default port 389 is used.
Bind DN : The Bind DN can be fetched from Active Directory by running the dsquery user command shown above on the Windows server CLI.
Alternatively, the Bind DN can be entered as administrator@your_company.com
After entering the above details, click "Search Base Dn".
It will open up a new window as below.
Select the correct Base DN and hit "Save". After saving, hit "Next".
We can add/remove attributes based on our requirements. This can be used later to authenticate a specific group of users with a common attribute to a given role.
Hit "Save" and exit.
We have successfully added the Active directory as an authentication source.
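The values entered on the form above (Hostname, Port, Bind DN, Base DN) can be checked from a Windows host before they are saved in CPPM. The PowerShell function below is an added example, not part of the original article or of ClearPass; the name Test-LdapBind, its parameters and the sample values are assumptions. It performs a simple bind with the Bind DN and looks up one user under the Base DN, returning that user's DN and memberOf values.

```powershell
# Added example, not from the original article. Test-LdapBind, its parameters and
# the sample values in the usage comment are constructed. Needs PowerShell 5 or later.
Add-Type -AssemblyName System.DirectoryServices.Protocols

function Test-LdapBind {
    param(
        [Parameter(Mandatory)][string]$Server,      # CPPM "Hostname"
        [Parameter(Mandatory)][string]$BindDN,      # CPPM "Bind DN"
        [Parameter(Mandatory)][string]$BaseDN,      # DN picked under "Search Base Dn"
        [Parameter(Mandatory)][string]$LookupUser,  # sAMAccountName to look up
        [int]$Port = 389,                           # CPPM "Port"
        [switch]$UseSsl                             # LDAP over SSL, normally with -Port 636
    )
    $password = Read-Host -AsSecureString "Password for $BindDN"
    $id   = [System.DirectoryServices.Protocols.LdapDirectoryIdentifier]::new($Server, $Port)
    $conn = [System.DirectoryServices.Protocols.LdapConnection]::new($id)
    try {
        $conn.SessionOptions.ProtocolVersion = 3
        $conn.SessionOptions.ReferralChasing = [System.DirectoryServices.Protocols.ReferralChasingOptions]::None
        # Without SSL, a simple bind sends the bind password in cleartext.
        $conn.SessionOptions.SecureSocketLayer = [bool]$UseSsl
        $conn.AuthType   = [System.DirectoryServices.Protocols.AuthType]::Basic
        $conn.Credential = [System.Net.NetworkCredential]::new($BindDN, $password)
        $conn.Bind()    # throws LdapException if the DN or password is rejected

        # Escape LDAP filter metacharacters (RFC 4515) before building the filter.
        $safe   = $LookupUser -replace '\\','\5c' -replace '\*','\2a' -replace '\(','\28' -replace '\)','\29'
        $filter = "(&(objectClass=user)(sAMAccountName=$safe))"
        $scope  = [System.DirectoryServices.Protocols.SearchScope]::Subtree
        $req    = [System.DirectoryServices.Protocols.SearchRequest]::new(
                      $BaseDN, $filter, $scope, [string[]]@('memberOf'))
        $resp   = $conn.SendRequest($req)

        foreach ($entry in $resp.Entries) {
            $groups = @()
            if ($entry.Attributes.Contains('memberOf')) {
                $groups = $entry.Attributes['memberOf'].GetValues([string])
            }
            [pscustomobject]@{ UserDN = $entry.DistinguishedName; MemberOf = $groups }
        }
    }
    finally { $conn.Dispose() }
}

# Usage with constructed values:
# Test-LdapBind -Server dc01.example.com -BindDN 'CN=svc-cppm,CN=Users,DC=example,DC=com' `
#     -BaseDN 'DC=example,DC=com' -LookupUser jdoe
```

An empty result with no exception means the bind succeeded but the user is not under the chosen Base DN.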