Configuring an Active Directory User

Policy > Object > User > AD User

An AD user represents a user located on the external AD server.

In the AD User page, you can perform the following actions:

Options in the Active Directory Server Configuration dialog:

Option Description
Basic Configuration

Server Name

Specifies a name for the AD server.

Server Address

Specifies an IP address or domain name for the AD server.

Login-dn

Specifies authentication characteristics for Login-dn (a user account with query privilege pre-defined by the AD server).

Base-dn

Specifies a Base-dn for the AD server. Base-dn is the starting point at which your search will begin when the AD server receives an authentication request.

Port

Specifies a port number for the AD server.

Password

Specifies a password for the AD server.

Confirm Password

Enter the password again to confirm.

Optional

Backup Server 1

Specifies an IP address or domain name for the backup AD server 1.

Backup Server 2

Specifies an IP address or domain name for the backup AD server 2.

Authentication Mode

Specifies an authentication mode (either plain text or MD5). The default mode is MD5.

Security Agent

Select the Enable check box to enable Security Agent. With this function enabled, the system obtains the mappings between domain users' usernames and IP addresses from the AD server, so that domain users can access network resources; this is how Single Sign-On is implemented. The system can also use the obtained mappings for other user-based functions, such as security statistics, logging, and behavior auditing. To use this function, you must first install and run Security Agent on the AD server. After that, whenever a domain user logs in or logs off, Security Agent records the user's username, IP address, current time and other information, and adds the username-to-IP mapping to the system. In this way the system can obtain every online user's IP address.

  • Agent Port: Specifies the agent port. The value range is 1025 to 65535. The default port is 6666.
  • Login Info Timeout: Specifies the login info timeout. The value range is 0 to 1800 seconds. The default value is 300. A value of 0 means the login info never times out.

Backup Authentication Server

Specifies a backup authentication server. After configuring a backup authentication server for the LDAP server, the backup authentication server will take over the authentication task when the primary server malfunctions or authentication fails on the primary server. The backup authentication server can be any existing local, Active-Directory, RADIUS or LDAP server defined in the system.
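
The following pre-deployment check is an added example, not code from the product or its vendor. It reviews one AD server entry against the ranges and defaults listed above and tests whether sample user DNs fall under the configured Base-dn. The dictionary key names, the sample DNs, and the assumption that the search covers the whole subtree below Base-dn are all hypothetical.

```python
# Added example: key names are hypothetical, sample values are constructed.

def split_dn(dn):
    """Split a DN into normalized RDNs, keeping backslash-escaped commas inside an RDN."""
    rdns, cur, esc = [], "", False
    for ch in dn:
        if esc or ch != ",":
            cur += ch
            esc = (ch == "\\") and not esc
        else:
            rdns.append(cur)
            cur = ""
    rdns.append(cur)
    out = []
    for rdn in rdns:
        attr, _, val = rdn.partition("=")
        out.append(f"{attr.strip().lower()}={val.strip().lower()}")
    return out

def in_scope(user_dn, base_dn):
    """True when user_dn sits at or below base_dn (subtree search is an assumption)."""
    u, b = split_dn(user_dn), split_dn(base_dn)
    return len(u) >= len(b) and u[len(u) - len(b):] == b

def audit(cfg, sample_user_dns):
    """Return a list of findings for one AD server entry."""
    findings = []
    if cfg["auth_mode"] not in ("md5", "plain"):
        findings.append("auth_mode: must be plain text or MD5")
    elif cfg["auth_mode"] == "plain":
        findings.append("auth_mode: plain text chosen instead of the MD5 default")
    if cfg["security_agent"]:
        if not 1025 <= cfg["agent_port"] <= 65535:
            findings.append("agent_port: outside 1025-65535")
        if not 0 <= cfg["login_info_timeout"] <= 1800:
            findings.append("login_info_timeout: outside 0-1800 seconds")
        elif cfg["login_info_timeout"] == 0:
            findings.append("login_info_timeout: 0 means login info never times out")
    for dn in sample_user_dns:
        if not in_scope(dn, cfg["base_dn"]):
            findings.append(f"outside Base-dn: {dn}")
    return findings

# Constructed sample entry and user DNs (not taken from any real directory).
CFG = {"base_dn": "OU=Staff,DC=example,DC=com", "auth_mode": "plain",
       "security_agent": True, "agent_port": 6666, "login_info_timeout": 0}
USERS = ["CN=Doe\\, Jane,OU=Staff,DC=Example,DC=com",
         "CN=svc-backup,OU=Service,DC=example,DC=com"]

if __name__ == "__main__":
    for finding in audit(CFG, USERS):
        print(finding)
```

Comparing parsed RDNs rather than raw string suffixes matters because an escaped comma inside a value can make a DN appear to end with the Base-dn when it does not.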