Summary:
​
-
Create LDAP server profile
-
Create authentication profile
-
User Mappings
-
Agent
-
Server monitoring
-
-
Group Mapping
-
Enable User ID on zone (enable from sourcing zone, but not on outside / Internet facing zone)
​
Details:
​
1. Create a LDAP server profile
​
Note, I have a windows 2012 server with enabled AD role. It has an IP address 10.1.1.111
​
-
Create a LDAP server profile, filling the blanks. Uncheck "Require SSL/TLS secured connection" as we are testing this in our controlled environment. You may enable it in your production environment.
Note, do not forget to commit the change.
-
To test the AD communication. Create a test Group Mapping using the LDAP server profile we created above.
-
Now, go to Group Include List, as long as you can navigate the directory, you are able to communicate with the AD
​
2. Create an Authentication profile
​
3. Configure User Mapping
​
3.1 Configure an agent
3.2 Configure a server monitoring
4. Configure group mapping (attach LDAP server profile and User groups)
-
Here I am including domain admin and domain users
5. Enable User ID on a zone
​
-
I am enabling User ID on the Inside zone since user Tiger is residing in that zone
-
Let's log into Tiger's machine (aka. Joe)
Note, on the PC, configure DNS with AD server's IP
-
Monitor logs to prove User ID is enforcing
