Summary:

- Create LDAP server profile
- Create authentication profile
- User Mappings
  - Agent
  - Server monitoring
- Group Mapping
- Enable User ID on zone (enable it on the zone the users' traffic comes from, but not on the outside / Internet-facing zone)

Details:

1. Create an LDAP server profile

Note, I have a Windows 2012 server with the AD role enabled. Its IP address is 10.1.1.111.

- Create an LDAP server profile, filling in the blanks. Uncheck "Require SSL/TLS secured connection" because we are testing this in our controlled lab environment; you may enable it in your production environment.

  Note, do not forget to commit the change.

- To test the AD communication, create a test Group Mapping using the LDAP server profile we created above.

- Now go to the Group Include List; as long as you can navigate the directory, you are able to communicate with the AD.

2. Create an Authentication profile


3. Configure User Mapping

3.1 Configure an agent

3.2 Configure server monitoring

4. Configure group mapping (attach the LDAP server profile and user groups)

- Here I am including the Domain Admins and Domain Users groups

5. Enable User ID on a zone

- I am enabling User ID on the Inside zone, since the user Tiger resides in that zone.

- Let's log into Tiger's machine (aka Joe).

  Note, on the PC, configure DNS with the AD server's IP.

- Monitor the logs to prove that User ID is being enforced.
