On the Lightweight Directory Access Protocol (LDAP) server, make sure every user who is allowed to log in carries the following attributes.

email

An email address that identifies the user uniquely.

memberOf

The group to which the user belongs. This attribute may be omitted only if the Required Group Name setting described below is also omitted. Note that on OpenLDAP the memberOf attribute is only populated when the memberof overlay is enabled, whereas Active Directory maintains it automatically.

In the Entrust PKI Hub console, configure the following settings for an LDAP identity provider.

Active

Mark this checkbox to enable the identity provider.

LDAP URI

Paste the URI of the LDAP or Active Directory server, for example ldaps://ldap.abccorp.dev.entrust.com:636.

When the URI does not include the LDAP port, 389 is assumed. A plain ldap:// URI sends the bind credentials unencrypted, so use an ldaps:// URI, with the port stated explicitly, wherever the directory supports it.

User DN Template

Enter a template for building the user's DN, where {0} is the placeholder for the login name, for example:

uid={0},ou=users,dc=abccorp,dc=dev,dc=entrust,dc=com

Characters that are special in a DN (comma, plus, quote, backslash, semicolon, angle brackets, a leading # or leading/trailing space) must be escaped in the login name according to RFC 4514; otherwise a name such as jdoe,ou=admins changes the shape of the resulting DN.

Required Group Name

Enter the value of the memberOf LDAP attribute for users with login permissions. Enter the name of an LDAP group, not the full DN. For example, CorpUser grants access to members of the LDAP group with the following DN.

cn=CorpUser,ou=groups,dc=abccorp,dc=dev,dc=entrust,dc=com

Omit this optional field to authorize all LDAP users. Leaving it empty grants access to every account that can bind to the directory, so set it unless that is intended.
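The following Python is an added illustration of how the LDAP URI, User DN Template and Required Group Name settings above fit together; it is not Entrust's code and does not show how PKI Hub implements them. It parses the URI with the 389 fallback the page describes, substitutes the login name into the {0} placeholder with RFC 4514 escaping, and evaluates the memberOf values against the required group name. The function names, the rule that an ldaps:// URI must state its port, and the case-insensitive group comparison are assumptions made for the example.

```python
import re
from typing import List, Optional, Tuple
from urllib.parse import urlsplit

# The page states that 389 is assumed when the URI carries no port.
DEFAULT_LDAP_PORT = 389

# Characters that must be escaped inside a DN attribute value (RFC 4514 section 2.4);
# '=' is not required by the RFC but is accepted by the grammar and commonly escaped.
_DN_SPECIALS = '\\"+,;<>='


def parse_ldap_uri(uri: str) -> Tuple[str, str, int]:
    """Return (scheme, host, port) for an ldap:// or ldaps:// URI (hypothetical helper)."""
    parts = urlsplit(uri)
    if parts.scheme not in ("ldap", "ldaps"):
        raise ValueError(f"unsupported scheme {parts.scheme!r}; expected ldap or ldaps")
    if not parts.hostname:
        raise ValueError("LDAP URI has no host")
    if parts.port is None:
        if parts.scheme == "ldaps":
            # Assumption for this example: never rely on the 389 fallback for a TLS URI.
            raise ValueError("state the port explicitly for ldaps:// URIs")
        return parts.scheme, parts.hostname, DEFAULT_LDAP_PORT
    return parts.scheme, parts.hostname, parts.port


def escape_dn_value(value: str) -> str:
    """Escape a login name before it is substituted into the User DN Template."""
    if "\x00" in value:
        raise ValueError("NUL is not allowed in a DN value")
    escaped = "".join("\\" + ch if ch in _DN_SPECIALS else ch for ch in value)
    if escaped[:1] in (" ", "#"):                      # leading space or '#' must be escaped
        escaped = "\\" + escaped
    if escaped.endswith(" ") and not escaped.endswith("\\ "):
        escaped = escaped[:-1] + "\\ "                 # trailing space must be escaped
    return escaped


def build_user_dn(template: str, login_name: str) -> str:
    """Fill the {0} placeholder of the User DN Template with the escaped login name."""
    if "{0}" not in template:
        raise ValueError("template has no {0} placeholder")
    return template.replace("{0}", escape_dn_value(login_name))


def split_dn(dn: str) -> List[str]:
    """Split a DN into its RDN strings on unescaped commas; escape sequences are kept."""
    parts, current, i = [], [], 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):
            current.append(dn[i:i + 2])
            i += 2
            continue
        if ch == ",":
            parts.append("".join(current))
            current = []
        else:
            current.append(ch)
        i += 1
    parts.append("".join(current))
    return parts


def unescape_dn_value(value: str) -> str:
    """Undo RFC 4514 escaping ('\\,' and '\\2C' forms); hex pairs are decoded as single bytes."""
    out, i = [], 0
    while i < len(value):
        if value[i] == "\\" and i + 1 < len(value):
            nxt = value[i + 1]
            if nxt in _DN_SPECIALS or nxt in " #":
                out.append(nxt)
                i += 2
                continue
            if re.fullmatch(r"[0-9A-Fa-f]{2}", value[i + 1:i + 3]):
                out.append(chr(int(value[i + 1:i + 3], 16)))   # ASCII only; multibyte UTF-8 not handled
                i += 3
                continue
        out.append(value[i])
        i += 1
    return "".join(out)


def group_name_of(group_dn: str) -> str:
    """Return the group name from a memberOf DN: 'CorpUser' for 'cn=CorpUser,ou=groups,...'."""
    first_rdn = split_dn(group_dn.strip())[0]
    _attr, _sep, value = first_rdn.partition("=")
    return unescape_dn_value(value)


def is_authorized(member_of: List[str], required_group: Optional[str]) -> bool:
    """Required Group Name rule: empty admits every LDAP user; otherwise one memberOf value
    must name the group. Case-insensitive matching is an assumption (cn uses caseIgnoreMatch
    in the standard schema); the console's exact comparison rule is not stated on the page."""
    if not required_group:
        return True
    wanted = required_group.casefold()
    return any(group_name_of(dn).casefold() == wanted for dn in member_of)


if __name__ == "__main__":
    # Constructed sample input, mirroring the example values on the page.
    template = "uid={0},ou=users,dc=abccorp,dc=dev,dc=entrust,dc=com"
    member_of = ["cn=CorpUser,ou=groups,dc=abccorp,dc=dev,dc=entrust,dc=com"]
    print(parse_ldap_uri("ldap://ldap.abccorp.dev.entrust.com"))
    print(build_user_dn(template, "jdoe,ou=admins"))
    print(is_authorized(member_of, "CorpUser"), is_authorized(member_of, "Admins"))
```

The escaping step is the part worth keeping in mind: the template fixes the ou and dc components, but only escaping the substituted name keeps a login such as jdoe,ou=admins from turning into a DN with an extra RDN.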

LDAP SSL CA Bundle (PEM)

Paste the certification chain of the LDAP server SSL certificate as a bundle in PEM format, that is, the issuing CA certificate and any intermediate CA certificates up to the root, each as a BEGIN CERTIFICATE / END CERTIFICATE block.

This parameter is mandatory for LDAPS connections when the issuer of the LDAP server SSL certificate is not a publicly trusted CA.

Active Directory

Mark this checkbox to configure the Active Directory-specific parameters below.

Active Directory Email Domain

Enter the domain of the Active Directory email addresses.

Active Directory Base Lookup DN

Enter the base DN from which searches for distinguished names start in Active Directory.