Where to find bind dn




















Does the bindDN always correspond to a node in the directory? Or can it be an arbitrary string? It must correspond to a node that has the capability of carrying a password attribute or otherwise being authenticated against.

Tomayto, tomahto. Do not get confused between the baseDN and the bindDN. Quote (emphasis added): There is no standard that mandates any particular structure for LDAP DITs, so directory servers may hold entries in any kind of hierarchical arrangement.

That seems like an unnecessarily confusing design, but your explanation does make sense.

Yeah, I agree. Naming your root to look like a path is not the best choice but I guess it must have its reasons.

After comparing what is in Softerra and what is in Symantec Encryption Management Server, the credentials should match exactly. A copy and paste will ensure no typos are made. This will start the query from the top level down, but this can be configured to search lower in the tree. When multiple Symantec Encryption Desktop Consumer policies are going to be used, it is helpful to configure attributes and values to help assign users into these groups dynamically (auto-detect) instead of creating many static custom preset policies.

In order to get the Consumer Policy desired, match into the Group, and ensure the Consumer Policy is linked to that Group. Specifying Attributes and Values in the individual Groups on Symantec Encryption Management Server will allow individual users into separate Groups that have been created, and corresponding Consumer Policies. The Attributes and Values should match exactly.

Once you have followed these basic guidelines, you should be able to get Users to be assigned to your specific Groups based on attributes and values once either enrollment completes or Gateway placement users send email through the Symantec Encryption Management Server.

There are a few methods for doing so:

Method 1: PowerShell

The first method is to use PowerShell, which requires the Active Directory PowerShell Module (part of the Administration tools).

If you wanted to show the "proxyaddresses" attribute, put in the following command:

    Get-ADUser username-here -Properties proxyaddresses

This will limit the results to only this attribute.

SGD can be configured to warn users that their password is about to expire, and to force them to change their password before it expires, see Section 2.

For SGD to be able to do this, the following must be true:

If your directory server does not meet these requirements, and you want SGD to handle password change, you must configure SGD to use the administrator bind DN for password change operations.

On some LDAP directories, password change operations performed using the administrator bind DN are treated as a password reset rather than a change operation. Do not use the "User must change password after reset" option either in the global password policy or for an individual password policy. This causes the password change to fail.

To use eDirectory with SGD, do either of the following:

Users might not be able to authenticate to Novell eDirectory because the user login filter for LDAP authentication filters for the cn attribute and this attribute is a restricted attribute in eDirectory.

Change the user login filter so that it does not filter the cn attribute. If the first LDAP directory server in the list is unavailable, the next one is tried. Otherwise the port number can be omitted. This specifies the part of the LDAP directory used to search for the user identity. This is the administrator bind DN, see Section 2. If the directory server supports anonymous binds, you can omit the user name and password.

You must be able to perform LDAP queries for user data to use anonymous binds. On the Review Selections step, check the authentication configuration and click Finish.

When you click Finish, SGD creates a service object called generated.


