[LDAP Server] Screen

This screen is displayed by clicking [LDAP Server] on the [LDAP Sync] screen.


[Setting Method]

Select [Follow Machine Settings] or [Set Individually]. [Follow Machine Settings] can be selected when the device is set to LDAP external authentication and the authentication method is set to user attribute authentication. If you selected [Follow Machine Settings], only enter [Search Time-Out] and [Query Filter].

[IP Address (Host Name)]

Enter the address of the LDAP server.

[Port]

Enter the port number of the LDAP server.

[LDAP - SSL / TLS Communication]

Select this check box to enable LDAP using SSL/TLS communication.

  • Also enable SSL/TLS communication on the LDAP server side. If the LDAP server uses a self-signed certificate, it is also necessary to import the server certificate to the device.

[Verify Remote Server Certificate]

Displays whether SSL certificate verification is performed, to prevent eavesdropping on or tampering with the communication data, when SSL/TLS communication is enabled on the LDAP server side. This setting is changed from the device.

[Search Directory Root]

Enter the directory root for searching. Up to 255 ASCII characters (printable characters) can be entered.

[Login Name]

Enter the login name for searching.

[Password]

Enter the password for searching.

[Search Time-Out]

Enter the maximum number of seconds for the search time.

[LDAP Referrals]

Select this check box to enable LDAP referral (the function which enables a server that receives a client request to connect to a different server, depending on the situation). Configure it according to the specifications and configuration of the destination LDAP server. With Entra ID, this is determined based on whether there are multiple domain controllers.

[LDAP Referral Hop Limit]

This is the upper limit on LDAP referral hops, used to limit the load on the LDAP server. Configure it according to the configuration of the destination LDAP server.

[Query Filter]

Enter the search filter conditional expression for LDAP. The users that match the conditional expression are set as the target for synchronization. The default value is for Entra ID, and removes disabled users from the target for synchronization. Up to 1,024 ASCII characters (printable characters) can be entered.

  • To escape special characters, enter two escape characters (\\) and a hexadecimal ASCII value.

    Example: When entering LDAP attribute values, enter "\\5c" for a backslash or "\\2c" for a comma.
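
The following is an added example, not part of the product or its documentation: a Python helper that prepares text for [Query Filter] using the escape notation and the 1,024 printable ASCII limit described above. The set of characters treated as special is an assumption (backslash and comma from the example above, plus the RFC 4515 filter metacharacters `*`, `(` and `)`), and the attribute names and values are constructed samples.

```python
import re

MAX_FILTER_LEN = 1024  # limit stated for [Query Filter]
# Assumption: which characters to escape. Backslash and comma are the page's
# own examples; '*', '(' and ')' are the RFC 4515 filter metacharacters.
SPECIALS = frozenset("\\,*()")
ATTR_NAME = re.compile(r"[A-Za-z][A-Za-z0-9-]*\Z")


def is_printable_ascii(text: str) -> bool:
    return all(0x20 <= ord(ch) <= 0x7E for ch in text)


def escape_value(value: str) -> str:
    """Escape one attribute value: two backslashes plus the hex ASCII code."""
    if not is_printable_ascii(value):
        raise ValueError("value must be printable ASCII")
    return "".join("\\\\%02x" % ord(ch) if ch in SPECIALS else ch for ch in value)


def clause(attr: str, value: str) -> str:
    """Return '(attr=value)' with the value escaped so it cannot alter the filter."""
    if not ATTR_NAME.match(attr):
        raise ValueError(f"unexpected attribute name: {attr!r}")
    return f"({attr}={escape_value(value)})"


def check_filter(text: str) -> str:
    """Reject text the field would not accept or that is visibly malformed."""
    if len(text) > MAX_FILTER_LEN:
        raise ValueError("filter exceeds 1,024 characters")
    if not is_printable_ascii(text):
        raise ValueError("filter must be printable ASCII")
    depth = 0
    for i, ch in enumerate(text):
        depth += (ch == "(") - (ch == ")")
        if depth <= 0 and i < len(text) - 1:
            raise ValueError("parentheses close before the end of the filter")
    if depth != 0 or not text.startswith("("):
        raise ValueError("unbalanced parentheses")
    return text


def all_of(*clauses: str) -> str:
    """AND the clauses together and validate the result."""
    return check_filter("(&" + "".join(clauses) + ")")


# Constructed sample values, not taken from any real directory.
SAMPLE = all_of(clause("objectClass", "user"), clause("department", "R&D, Print (HQ)"))
```

Escaping every value before it is placed in the filter keeps a group or department name that contains parentheses or an asterisk from changing which users are selected for synchronization.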