LDAP host settings

LDAP host setting Description
Host The hostname or IP address of your Active Directory or server.
  • Select 389 for Plain or TLS - This option is only available for SSL or TLS connect methods, and is only enabled if you have uploaded CA certificates.
  • Select 636 for SSL.
Note: TLS LDAPS communication occurs over port TCP 636. LDAPS communication to a global catalog server occurs over TCP 3269. When connecting to ports 636 or 3269, SSL/TLS is negotiated before any LDAP traffic is exchanged.
Bind DN If you are using a dedicated LDAP service account, enter the fully-distinguished path for the user account, and then enter the password for the account in the next box.
  • CN=User Full Name
  • CN=User OU
  • DC=Domain Component 1
  • DC=Domain Component 2

An example of a fully-distinguished path:


If you are using user accounts for LDAP Bind connection authentication and authorization, leave Bind DN and Password blank, providing anonymous access.

Password Enter the password for the user account (specified in BindDN) used to connect to the LDAP service. Leave blank if Bind DN is blank.
Connect method
  • Plain - Do not use encryption to communicate with the LDAP server. Not recommended.
  • SSL - Use the SSL protocol to communicate with the LDAP server.
  • TLS - Use the TLS protocol to communicate with the LDAP server.
Validate server certificate Select to validate the LDAP server’s security certificate against the local CA certificate store.