LDAP host settings

LDAP host setting	Description
Host	The hostname or IP address of your Active Directory or server.
Port	Select 389 for Plain or TLS - This option is only available for SSL or TLS connect methods, and is only enabled if you have uploaded CA certificates. Select 636 for SSL. Note: TLS LDAPS communication occurs over port TCP 636. LDAPS communication to a global catalog server occurs over TCP 3269. When connecting to ports 636 or 3269, SSL/TLS is negotiated before any LDAP traffic is exchanged.
Bind DN	If you are using a dedicated LDAP service account, enter the fully-distinguished path for the user account, and then enter the password for the account in the next box. CN=`User Full Name` CN=`User OU` DC=`Domain Component 1` DC=`Domain Component 2` An example of a fully-distinguished path: `CN=ldapServceAccount,OU=ServiceAccounts,OU=Users,DC=mySecureCorpDomain,DC=myTLD` If you are using user accounts for LDAP Bind connection authentication and authorization, leave Bind DN and Password blank, providing anonymous access.
Password	Enter the password for the user account (specified in BindDN) used to connect to the LDAP service. Leave blank if Bind DN is blank.
Connect method	Plain - Do not use encryption to communicate with the LDAP server. Not recommended. SSL - Use the SSL protocol to communicate with the LDAP server. TLS - Use the TLS protocol to communicate with the LDAP server.
Validate server certificate	Select to validate the LDAP server’s security certificate against the local CA certificate store.

Host

The hostname or IP address of your Active Directory or server.

Port

Select 389 for Plain or TLS - This option is only available for SSL or TLS connect methods, and is only enabled if you have uploaded CA certificates.
Select 636 for SSL.

Note: TLS LDAPS communication occurs over port TCP 636. LDAPS communication to a global catalog server occurs over TCP 3269. When connecting to ports 636 or 3269, SSL/TLS is negotiated before any LDAP traffic is exchanged.

Bind DN

If you are using a dedicated LDAP service account, enter the fully-distinguished path for the user account, and then enter the password for the account in the next box.

CN=User Full Name
CN=User OU
DC=Domain Component 1
DC=Domain Component 2

An example of a fully-distinguished path:

CN=ldapServceAccount,OU=ServiceAccounts,OU=Users,DC=mySecureCorpDomain,DC=myTLD

If you are using user accounts for LDAP Bind connection authentication and authorization, leave Bind DN and Password blank, providing anonymous access.

Password

Enter the password for the user account (specified in BindDN) used to connect to the LDAP service. Leave blank if Bind DN is blank.

Connect method

Plain - Do not use encryption to communicate with the LDAP server. Not recommended.
SSL - Use the SSL protocol to communicate with the LDAP server.
TLS - Use the TLS protocol to communicate with the LDAP server.

Validate server certificate

Select to validate the LDAP server’s security certificate against the local CA certificate store.