Issue
How do I set up a RazorSafe to use Microsoft Active Directory authentication?
Solution
You must create an LDAP User Authenticator for Active Directory, using the LDAP Authenticator Wizard within the RazorSafe administration interface:
Log in to the RazorSafe appliance.
Click the Users and Groups tab.
Under the Alternate Authentication section on the left menu bar, click LDAP/Active Directory.
The LDAP User Authenticators page appears.
Type in a name for the authenticator in the text field and click Add Auth.
The LDAP Authenticator Wizard appears. The Configuration Name text field displays the name you entered.
From the Server Type drop-down menu, select Microsoft Active Directory.
Click next.
In the Verify LDAP attribute names area, accept the default entries by clicking next.
In the Enter LDAP bind and search information area, complete the following steps:
In the Server Name text field, type in the hostname or IP address of the Active Directory server.
(Optional) If you are using an SSL connection, select the Use SSL checkbox.
Make sure that the Port Number text field is accurate for your environment. The default port number is 389.
In the Bind Username text field, type in an Active Directory username. This information is required because, by default, Active Directory does not allow anonymous access to directory information. The username must be in the format of DOMAIN\USERNAME. The NetBIOS domain name is required.
In the Password text field, type in the password for the Active Directory user.
In the BaseDN (Base Distinguished Name) text field, use the form:
ou=OU name,dc=domain name,dc=domain suffix
For example, an organization named Foo has an Active Directory domain named foo.com. In Active Directory they have created an OU for each of their offices, Central Office and Remote Office. They want to assign different rights to their employees based on which office they reside in. For this example, 2 authenticators would need to be created, where:
In the first authenticator, the Central Office's BaseDN would be:
ou=Central Office,dc=foo,dc=com
In the second authenticator, the Remote Office's BaseDN would be:
ou=Remote Office,dc=foo,dc=com
NOTE: The authenticator will fail if there are no user accounts located within the OU.
Make sure that the Address Required checkbox is selected and that the LDAP Server Timeout is left at the default (30 seconds).
Click next.
In the Choose whether or not to filter ldap users by group area, accept the default selection by clicking next.
The next areas in the wizard are where you set the basic options (i.e., session timeout, language, etc.), permissions, and default homepage for all users within this particular OU. For more information, see the RazorSafe online help.
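As an added pre-flight check (example code, not RazorSafe's own), the following Python script validates the values the wizard asks for (DOMAIN\USERNAME bind name, BaseDN built from the OU and domain, port) and, using the third-party ldap3 library, binds as the service account to confirm the OU actually contains user accounts, since an empty OU makes the authenticator fail. The 636 LDAPS port, the search filter and the ldap3 calls are assumptions, not taken from the article.

```python
"""Pre-flight checks for a RazorSafe LDAP authenticator pointed at Active Directory (added example)."""
import re

DEFAULT_LDAP_PORT = 389   # wizard default stated in the article
DEFAULT_LDAPS_PORT = 636  # assumption: standard LDAPS port when "Use SSL" is checked

# DOMAIN\USERNAME where DOMAIN is a NetBIOS name (max 15 chars, no dots), as the article requires
BIND_USER_RE = re.compile(r"^[^\\\s.]{1,15}\\[^\\\s]+$")


def valid_bind_username(name: str) -> bool:
    """True only for NetBIOS-style DOMAIN\\USERNAME; UPNs (user@foo.com) and DNS domains are rejected."""
    return BIND_USER_RE.match(name) is not None


def base_dn_for_ou(ou_name: str, dns_domain: str) -> str:
    """Build 'ou=<OU>,dc=<label>,dc=<label>' from an OU name and the AD DNS domain (e.g. foo.com)."""
    labels = [lbl for lbl in dns_domain.lower().split(".") if lbl]
    if not labels or not ou_name.strip():
        raise ValueError("OU name and DNS domain are both required")
    # Escape the characters RFC 4514 reserves inside an RDN value so odd OU names still form a valid DN
    rdn = re.sub(r'([,+"\\<>;=])', r"\\\1", ou_name.strip())
    return "ou=" + rdn + "," + ",".join("dc=" + lbl for lbl in labels)


def ldap_port(use_ssl: bool, port: int = 0) -> int:
    """Port to enter in the wizard: an explicit value wins, otherwise the protocol default."""
    return port if port else (DEFAULT_LDAPS_PORT if use_ssl else DEFAULT_LDAP_PORT)


def count_users_in_ou(host, bind_user, password, base_dn, use_ssl=False, port=0, limit=50):
    """Bind as the service account and count user objects under base_dn (requires ldap3; assumed API)."""
    import ldap3  # imported here so the offline helpers above work without the library installed
    if not valid_bind_username(bind_user):
        raise ValueError("Bind Username must be DOMAIN\\USERNAME with the NetBIOS domain name")
    server = ldap3.Server(host, port=ldap_port(use_ssl, port), use_ssl=use_ssl,
                          connect_timeout=30)  # matches the wizard's 30-second default timeout
    with ldap3.Connection(server, user=bind_user, password=password, auto_bind=True) as conn:
        # AD user accounts are objectClass=user AND objectCategory=person (excludes computers/contacts)
        conn.search(base_dn, "(&(objectCategory=person)(objectClass=user))",
                    attributes=["sAMAccountName"], size_limit=limit)
        return len(conn.entries)  # 0 here means the authenticator will fail for this OU


if __name__ == "__main__":
    # Constructed sample values mirroring the article's Foo example; no network call is made here
    print(base_dn_for_ou("Central Office", "foo.com"), ldap_port(True))
```

Run with real values only against a directory you administer; a count of zero means the BaseDN needs to point at an OU that holds user accounts.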