Domain configuration reference

Lookup
Select the check box to use the value in the Domain field for retrieving SRV (Service) records for the LDAP service cluster.
Clear the check box to add records to the table manually.
Domain
The name of the domain from which you want to retrieve SRV records.
Click Refresh to refresh the information in the table using the value in the Domain field.
SRV record table
The SRV record table displays information about SRV records. Each row in the table represents one SRV record. Each row contains the following columns:
Enabled
Select this check box to use the record. Otherwise, the record is ignored.
Hostname
The target machine on which the LDAP service is running.
Port
The port used to connect to the LDAP service. Typically, port 389 is used for non-secure (None) or StartTLS mode and port 636 is used for SSL mode.
TTL
The Time To Live value: the time interval (in seconds) that the LDAP service record can be cached before the source of the information (for example, the domain) should be consulted again. A value of zero means that the LDAP record can only be used for the transaction in progress, and should not be cached. You can also use a value of zero for extremely volatile data.
Priority
The priority of the LDAP server. Attempts are made to contact LDAP servers with the lowest-numbered priority first. LDAP servers with the same priority are contacted in the order specified by the Weight field.
Possible values: 0-65535
Weight
A server selection mechanism that specifies a relative weight for entries with the same priority. Larger weights are given a proportionately higher probability of being selected. Use a zero value when server selection is not required.
When there are records with weight values greater than zero, records weighted with a zero value will have a very small chance of being selected. When all priority and weight values are the same, the LDAP servers are selected in random order.
Possible values: 0-65535
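The following added example (not the product's own code) orders SRV rows the way the Enabled, Priority and Weight descriptions above state, using the selection rule from RFC 2782, which those descriptions match. The SrvRecord class, the order_records function and the sample hostnames are assumptions made for illustration.

```python
import random
from dataclasses import dataclass

@dataclass(frozen=True)
class SrvRecord:
    enabled: bool
    hostname: str
    port: int
    priority: int
    weight: int

def order_records(records, rng=None):
    """Return the enabled records in the order they would be contacted."""
    rng = rng or random.Random()
    groups = {}
    for rec in records:
        if rec.enabled:                          # unchecked rows are ignored
            groups.setdefault(rec.priority, []).append(rec)
    ordered = []
    for priority in sorted(groups):              # lowest-numbered priority first
        pool = groups[priority]
        rng.shuffle(pool)                        # equal weights end up in random order
        pool.sort(key=lambda r: r.weight != 0)   # stable sort: zero weights go first
        while pool:
            total = sum(r.weight for r in pool)
            pick = rng.randint(0, total)         # uniform in 0..total, inclusive
            running = 0
            for i, rec in enumerate(pool):
                running += rec.weight
                if running >= pick:              # first running sum >= pick is chosen
                    ordered.append(pool.pop(i))
                    break
    return ordered

# Constructed sample rows; hostnames are placeholders, not values from the page.
SAMPLE_RECORDS = [
    SrvRecord(True, "dc0.example.com", 389, 10, 0),
    SrvRecord(True, "dc1.example.com", 389, 10, 90),
    SrvRecord(True, "dc2.example.com", 389, 10, 10),
    SrvRecord(True, "dc3.example.com", 636, 20, 50),
    SrvRecord(False, "dc4.example.com", 389, 5, 50),
]
```

Because a zero-weight row is chosen only when the random draw is exactly 0, dc0.example.com is almost never contacted first while dc1.example.com and dc2.example.com are enabled at the same priority.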
Base DN
The base organizational unit where the users are defined. Contact your directory administrator for the correct Base DN value. (The Base DN value entered here can be overridden in a local user host LDAP mailbox.)
The examples in the table below show sample base organizational units for the supported directory types.
Directory Type             Example Base DN
Active Directory           OU=Employees,DC=company,DC=com
Apache Directory Services  OU=Users,DC=example,DC=com
Lotus Domino               O=SCNotes
Novell eDirectory          O=Company Organization
DirX                       ou=Users,o=Company
Search filter
Optional. Used to limit the amount of information returned from the LDAP server when many users are defined. A more restrictive filter can be specified as a comma-separated list. If necessary, contact your directory administrator to determine the appropriate attributes and values. You can override the value entered here in a local user host LDAP mailbox.
The following table contains example lists with sample attribute names and values.
Search Filter                                    Description
department=EDI                                   Limits the search to entries that have the attribute, department, with a value of EDI.
department=EDI,group=administrators              Limits the search to entries that must match two attributes. The user must be in the EDI department and in the administrators group.
department=EDI,telephoneNumber=800*              Limits the search to EDI department members with a telephone number starting with 800.
objectclass=person                               Limits the search to entries that are people if the Base DN contains other entries (for example, computers) and people.
!(userAccountControl:1.2.840.113556.1.4.803:=2)  Excludes disabled accounts. In Active Directory, if an account is disabled, bit 0x02 in the userAccountControl attribute value is on. 1.2.840.113556.1.4.803 is the rule object ID (ruleOID) for the LDAP bitwise AND operator.
If the value to search in has any of the following special characters, they must be substituted in the Search Filter with the corresponding escape sequence.
ASCII character  Escape Sequence Substitute
*                \2a
(                \28
)                \29
,                \2c
\                \5c
NUL              \00
/                \2f
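The following added example (not the product's own code) applies the substitutions from the table above to attribute values before they are joined into a comma-separated Search Filter. The function names and the sample values are assumptions made for illustration.

```python
import re

# Escape sequences exactly as listed in the table above.
ESCAPES = {
    "*": r"\2a", "(": r"\28", ")": r"\29", ",": r"\2c",
    "\\": r"\5c", "\x00": r"\00", "/": r"\2f",
}
_UNESCAPE = {seq[1:]: ch for ch, seq in ESCAPES.items()}

def escape_value(value):
    """Substitute each special character in a single pass, so the backslash
    of a sequence that was just written is never escaped a second time."""
    return "".join(ESCAPES.get(ch, ch) for ch in value)

def unescape_value(value):
    """Reverse escape_value; used here only to check the round trip."""
    return re.sub(r"\\(2a|28|29|2c|5c|00|2f)",
                  lambda m: _UNESCAPE[m.group(1)], value)

def build_search_filter(terms):
    """Join (attribute, value, prefix_match) terms into a comma-separated list.

    The * appended for prefix_match stays a wildcard, as in
    telephoneNumber=800*; a * that is part of the value is escaped as data.
    """
    parts = []
    for attribute, value, prefix_match in terms:
        term = f"{attribute}={escape_value(value)}"
        parts.append(term + "*" if prefix_match else term)
    return ",".join(parts)

# Constructed sample terms: the first value contains (, ) and a comma.
TERMS = [
    ("department", "R&D (EDI), East", False),
    ("telephoneNumber", "800", True),
]
```

With the sample terms, the only unescaped comma left in the result is the one that separates the two attributes, so a comma inside a value cannot be read as the start of another term.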
Username Attribute
The Username Attribute is the directory attribute that matches the username entered when a login is required. The following table contains typical attribute names for the supported directory types.
Directory Type             Username Attribute
Active Directory           sAMAccountName
Apache Directory Services  Uid
Lotus Domino               CN
Novell eDirectory          CN
DirX                       cn
LDAP Server Advanced Settings
The LDAP Server Advanced Settings dialog box displays when you click Advanced on the LDAP Server tab. Use this dialog box to specify values for password expiration checking.
Enable Password Expiration Checking
Select this check box to enable password expiration checking and the rest of the fields in the dialog box. Password expiration checking provides a daily email notification to the system administrator.
Warning Days Before Password Expiration
The range of days within which a notification is generated.
Daily Time Check
The time of day password expiration is checked.
To
The email address of the recipient of the daily password expiration check notification. You can specify multiple recipients. Separate email addresses by commas (,), semicolons (;) or colons (:).
One or more individual users can also receive an email notification, if specified, when the Security Mode is not set to None and an email address is configured for the users (as part of their Active Directory settings). A Web Portal user whose password has not already expired is directed to the web link (see Providing access to the web portal) where they can change their password. Otherwise, they are directed to contact the system administrator for assistance in changing it.
Default value: The System Administrator email address defined in the Options > Other panel in the native UI or Administration > System > Other in the web UI.
From
The email address of the sender of the daily password expiration check notification. If this field contains multiple email addresses, only the first address is displayed.
Default value: The System Administrator email address defined in the Options > Other panel in the native UI or Administration > System > Other in the web UI.
Subject
String that appears in the Subject field of the daily password expiration check notification.