IBM Support

Easy lookup of OU's from Corporate Directory during Cloud Extender Configuration

Release Notes


Abstract

Easy lookup of OU's from Corporate Directory during Cloud Extender Configuration

Content

This feature addresses LDAP validation errors that can occur when administrators manually enter LDAP options in the Cloud Extender Configuration Tool. With this release, administrators can search for and select from a list of options (search roots, filter groups), and the selections automatically populate the Cloud Extender Configuration Tool LDAP/Advanced Mode configuration screens.

Note: This feature is only available for LDAP variants of the User Authentication and the User Visibility modules, but not for LDAP Active Directory.

User Authentication configuration

LDAP Domain Controller server search

  • From the Server Name field, click the magnifying glass button. The Configuration Tool tries to locate the LDAP Domain Controller and auto-fill the Server Name field with a well-formed LDAP host name (for example: forest35.fiberlinkqa.local).

    Cloud Extender searches the root DSE level. If a machine is not joined to a domain, the search returns no results and a "no domains found" message is displayed. If the Configuration Tool cannot determine the host name, an error message is displayed and the administrator must enter the server name manually. The port number defaults to the secure LDAP port 636.


     

Search user bases

The administrator can either enter one or more search bases manually, or click the magnifying glass button to initiate a search.

The Configuration Tool connects to the LDAP server (server/port configuration that is entered on the configuration screen) and runs a query for a list of potential search bases. The query results are organized by OU depth (the number of components in the OU) and displayed in a tree control ordered from the shallowest to the deepest depth.

The first two nodes in the tree view are expanded by default since most user search bases are derived from these levels of depth. The administrator can select individual search bases by checking their respective check boxes.

Checking the root check box for a node automatically selects or deselects all child nodes. Each select or deselect action results in an updated list of currently selected search bases in the list box on the right side of the screen. When the dialog is invoked, any existing search bases from the LDAP configuration screen are checked by default.

Click OK to populate the user search base list in the LDAP Search Base for Users section of the User Authentication configuration screen.

User Visibility configuration

LDAP Domain Controller server search

  • From the Server Name field, click the magnifying glass button. The Configuration Tool tries to locate the LDAP Domain Controller and auto-fill the Server Name field with a well-formed LDAP host name (for example: forest35.fiberlinkqa.local).

    If the Configuration Tool cannot determine the host name, an error message is displayed and the administrator must enter the server name manually. The port number defaults to the secure LDAP port 636.



Search user bases

The User Visibility module uses the same search method as the User Authentication module. See the information for Search user bases under the User Authentication configuration section. 

Filter LDAP groups

When specifying LDAP groups in the Filter by Groups section, administrators must enter the Distinguished Name of each group. However, manually entering these options incorrectly might cause validation errors. A new magnifying glass button was added to the Filter by Groups section that allows administrators to search for all groups on the LDAP Server based on the server/port configuration entered in the server list box.

If more than one server is available, the first server in the list is used. If no group search base is configured on the User Visibility screen, the entire domain is searched. If a group search base is configured, the search results include only those groups within the search base. If more than one group search base is configured, the search results include all groups found in any of the search bases, with duplicate entries removed. Results are displayed in a Grid View control with the group's Common Name in the left column and the group's Distinguished Name in the right column.

When the dialog is invoked, the group search bases that are currently configured are displayed and selected by default. The administrator can select one or more entries and click OK. The Distinguished Name of each selected group is returned and added to the group filter list box.
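The following Python sketch is an added example, not IBM's code or the Configuration Tool's implementation. It applies the two rules described above to constructed DNs: ordering search bases by OU depth (see Search user bases), and limiting group results to the configured group search bases with duplicates removed. The function names, the example.com DNs, and case-insensitive DN matching are assumptions; multi-valued RDNs are not handled.

```python
def split_dn(dn):
    """Split a DN into normalised (attribute, value) pairs, honouring backslash escapes."""
    parts, cur, i = [], "", 0
    while i < len(dn):
        step = 2 if dn[i] == "\\" and i + 1 < len(dn) else 1  # escaped char: copy both
        if step == 1 and dn[i] == ",":
            parts.append(cur)
            cur = ""
        else:
            cur += dn[i:i + step]
        i += step
    parts.append(cur)
    rdns = []
    for part in parts:
        attr, sep, value = part.partition("=")
        if not sep or not attr.strip() or not value.strip():
            raise ValueError(f"malformed RDN {part!r} in {dn!r}")
        rdns.append((attr.strip().lower(), value.strip().lower()))
    return rdns

def ou_depth(dn):
    return sum(1 for attr, _ in split_dn(dn) if attr == "ou")  # number of OU components

def order_search_bases(dns):
    return sorted(dns, key=lambda d: (ou_depth(d), d.lower()))  # shallowest first

def is_under(dn, base):
    d, b = split_dn(dn), split_dn(base)
    return len(d) >= len(b) and d[len(d) - len(b):] == b  # base is a suffix of dn

def groups_in_scope(groups, bases):
    """Keep (cn, dn) pairs under any base (no bases: whole domain), duplicates dropped."""
    seen, out = set(), []
    for cn, dn in groups:
        key = tuple(split_dn(dn))
        if key not in seen and (not bases or any(is_under(dn, b) for b in bases)):
            seen.add(key)
            out.append((cn, dn))
    return out

# Constructed sample data (example.com is a placeholder domain, not from the page).
SAMPLE_BASES = ["OU=Sales,OU=Staff,DC=example,DC=com", "OU=Staff,DC=example,DC=com",
                "OU=R\\,D,OU=Staff,DC=example,DC=com", "DC=example,DC=com"]
SAMPLE_GROUPS = [
    ("VPN-Users", "CN=VPN-Users,OU=Staff,DC=example,DC=com"),
    ("Sales-Mobile", "CN=Sales-Mobile,OU=Sales,OU=Staff,DC=example,DC=com"),
    ("sales-mobile", "cn=sales-mobile, ou=Sales,ou=Staff,dc=example,dc=com"),  # same DN
    ("Contractors", "CN=Contractors,OU=External,DC=example,DC=com")]
```

Running `split_dn` over a manually typed search base or group DN before entering it catches empty or incomplete components, the kind of input the page says leads to validation errors.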


Document Information

Modified date:
09 November 2018

UID

ibm10739707