Active Directory settings
Use this information when configuring authentication to use Active Directory.
Authentication scheme
Specifies the system or service that manages user names, passwords, groups, and authentication.
Local: Exclusively managed within this system.
LDAP: Any LDAP directory service (do not select for configuring Windows Active Directory).
Active Directory: Windows Active Directory service.
RADIUS: RADIUS authentication server.
TACACS+: TACACS+ authentication server.
Default User Group
Any end user who is not assigned to a user group is automatically placed into the group chosen from this list and given the permissions it grants. The default is None.
If set to None, any user attempting to log in must already exist in the Users table before any authentication attempt to the third-party authentication server is made. If the attempting user does not exist in the Users table, they are always denied and no authentication attempt is made.
Enable Session Timeout
If selected, user sessions terminate after N minutes of inactivity.
This minimizes the chances of an unattended user session being hijacked.
Session Timeout (Minutes)
Sets the duration of user inactivity before a session terminates.
Valid Input: The default is 0, which means that the session never times out.
Cache authentications (Minutes)
Sets how long, in minutes, successful authentications are cached.
This reduces the frequency of authentication requests made to the third-party authentication server.
The host address of the Active Directory server.
Valid Input: Valid addresses include IPv4, IPv6, or DNS name.
The port number of the Active Directory server. The default is 389.
The protocol version of LDAP the Active Directory host uses.
Connection security
The security type for authenticating and encrypting connections.
Base DN
The Base Distinguished Name is the point in the directory tree from which users are verified. This might be the root or some place lower in the tree to limit the number of users returned. Required.
Example: dc=networkinstruments,dc=com
Administrators should find the Base DN directly from the Active Directory server to ensure accuracy.
The parent domain name.
A fully-qualified domain name (FQDN) does not need to be specified.
Bind DN
The Bind Distinguished Name is required for importing user accounts from the Active Directory server.
The Bind DN user account needs domain user privileges, and administrators should find a suitable Bind DN directly from the Active Directory server to ensure accuracy.
Bind password
The password of the Bind DN.
Timeout in seconds
The duration (in seconds) a connection attempt waits before aborting. The default is 10.
A connection retry attempt is made if this value elapses.
To use Active Directory, you must configure this Active Directory settings page after OMS is installed.
Figure 11: This settings page is located at: Auth > Authentication.
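The fields described above can be checked before they are entered. The following Python example is added here and is not OMS code: the key names, the "none" connection-security value and the "Operators" group are hypothetical stand-ins for the fields on this page. It flags a session timeout that never fires, a Default User Group other than None, an unencrypted connection, and a Base DN or Bind DN that does not parse.

```python
import re

# Constructed sample input. The key names and the "none" value are hypothetical
# stand-ins for the fields on this page, not an OMS file format.
SAMPLE = {
    "default_user_group": "Operators",
    "session_timeout_enabled": True,
    "session_timeout_minutes": 0,
    "connection_security": "none",
    "base_dn": "dc=networkinstruments,dc=com",
    "bind_dn": r"cn=Smith\, Pat,ou=Service Accounts,dc=networkinstruments,dc=com",
}

_RDN = re.compile(r"^\s*([A-Za-z][A-Za-z0-9-]*)\s*=\s*(\S.*?)\s*$")


def parse_dn(dn):
    """Split a DN into (attribute, value) pairs; a backslash-escaped comma stays in the value."""
    rdns = []
    for part in re.split(r"(?<!\\),", dn):
        match = _RDN.match(part)
        if not match:
            raise ValueError(f"malformed RDN: {part!r}")
        rdns.append((match.group(1).lower(), match.group(2)))
    return rdns


def review(settings):
    """Return (code, message) findings for values that weaken the login path."""
    findings = []
    if not settings["session_timeout_enabled"] or settings["session_timeout_minutes"] == 0:
        findings.append(("session-timeout", "sessions never time out"))
    if settings["default_user_group"] != "None":
        findings.append(("default-group", "unassigned users inherit "
                         f"{settings['default_user_group']!r} permissions"))
    if settings["connection_security"] == "none":
        findings.append(("transport", "simple-bind passwords cross the network in cleartext"))
    for key in ("base_dn", "bind_dn"):
        try:
            if not any(attr == "dc" for attr, _ in parse_dn(settings[key])):
                findings.append((key, "no dc= component; check against the directory"))
        except ValueError as exc:
            findings.append((key, str(exc)))
    return findings


if __name__ == "__main__":
    for code, message in review(SAMPLE):
        print(f"{code}: {message}")
```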
OMS Active Directory migration aid