7.3.6 Setting Link with Directory Server
Link with Directory Server specifies the server name, port number, or other information necessary for authenticating login by linking with a directory server. It also specifies the type of character encoding that is used by the directory server when an access definition file is created to link with the directory server.
Link with Directory Server specifies the following items:
- Organization of this subsection
(1) Directory server usage
In Directory server usage, specify whether to use a directory server for login authentication.
To use a directory server for login authentication, select Use for authentication only.
-
Permitted value
-
Use for authentication only
Uses a directory server for login authentication.
-
Do not use (default)
Does not use a directory server for login authentication.
-
(2) Code set
In Code set, specify the type of character encoding to be used. You must specify this item if you are creating an access definition file to link with a directory server.
-
Permitted value
-
SHIFT-JIS
Sets SHIFT-JIS encoding.
-
UTF-8 (default)
Sets UTF-8 encoding.
-
(3) Server name
Server name specifies the host name or IP address of the directory server. You must specify this item if you plan to perform login authentication by linking with a directory server.
-
Permitted value
The permitted value is 1 to 255 bytes of alphanumeric characters and symbols. The default is AssetHost.
(4) Port number
Port number specifies the port number of the directory server. You must specify this item if you plan to perform login authentication by linking with a directory server.
-
Permitted value
A value between 1 and 65,535. The default is 389.
(5) Access user
Access user specifies the DN of the user who will access the directory server's information entries. You must specify this item if you plan to perform login authentication by linking with a directory server.
You must execute the LDIFDE command of Active Directory in advance and output a user information list to investigate the DN of the user whom you wish to use as an access user. For details about the investigation method, see 5.5.1 Login authentication.
Additionally, specify a password in the Set Password dialog box.
-
Permitted value
The permitted value for an access user is 1 to 255 bytes of alphanumeric characters, symbols, and kanji characters. By default, this item is left blank.
The permitted value for a password is 1 to 255 bytes of alphanumeric characters, symbols ,and single-byte katakana characters. By default, this item is left blank.
(6) Response monitoring time
Response monitoring time specifies the time in seconds to monitor for the directory server to respond to a search request. If the directory server does not return a response within the monitoring time, a communication error is considered to have occurred and the processing is terminated. If a large number of processes use the directory server service and communication errors occur frequently during login authentication, specify a large value for the monitoring time. You must specify this item if you plan to perform login authentication by linking with a directory server.
-
Permitted value
The permitted value is 1 to 65,535 seconds. The default is 60 seconds.
(7) User information DN
User information DN specifies the DN that becomes the basis for user information search. You must specify this item if you plan to perform login authentication by linking with a directory server.
You must execute the LDIFDE command of Active Directory in advance and output a user information list to investigate the DN of the organization from which to search for users during Asset Console login authentication. For details about the investigation method, see 5.5.1 Login authentication.
-
Permitted value
The permitted value is 1 to 255 bytes of alphanumeric characters , single-byte katakana characters, symbols, and kanji characters. The default is ou=people,o=xxxxxxx.com.
(8) User ID attribute name
User ID attribute name specifies the attribute name of the user information to be used as the user ID for logging in to Asset Console. You must specify this item if you plan to perform login authentication by linking with a directory server.
You must execute the LDIFDE command of Active Directory in advance and output a user information list to investigate the attribute name of the user ID to be used during Asset Console login authentication. For details about the investigation method, see 5.5.1 Login authentication.
-
Permitted value
The permitted value for a user ID attribute name is 1 to 255 bytes of alphanumeric characters, symbols, single-byte katakana characters, and kanji characters. The default is uid.
Note that an attribute called uid is not provided in the directory server's standard user object. Therefore, add the uid attribute to the directory server's user object as needed and specify the user ID to be used for login authentication. Alternatively, instead of uid, specify an attribute name under which a user ID to be used for Asset Console login authentication is stored.
(9) User name attribute name
User name attribute name specifies the attribute name of the user information to be used as the Asset Console user name.
You must execute the LDIFDE command of Active Directory in advance and output a user information list to investigate the attribute name to be used as the Asset Console user name. For details about the investigation method, see 5.5.1 Login authentication.
-
Permitted value
The permitted value for a user ID attribute name is 1 to 255 bytes of alphanumeric characters, symbols, single-byte katakana characters, and kanji characters. The default is cn.