
To configure LDAP authentication by using the configuration utility

  1. Navigate to NetScaler Gateway > Policies > Authentication/Authorization > Authentication.

  2. Click LDAP.

  3. In the details pane, on the Policies tab, click Add.

  4. In Name, type a name for the policy.

  5. Next to Server, click New.

  6. In Name, type the name of the server.

  7. Under Server, in IP Address and Port, type the IP address and port number of the LDAP server.

  8. In Type, select either AD for Active Directory or NDS for Novell Directory Services.

  9. Under Connection Settings, complete the following:

    1. In Base DN (location of users), type the base DN under which users are located.

      The base DN is usually derived from the Bind DN by removing the user name and specifying the group where users are located. Examples of syntax for base DN are:

      ```
      ou=users,dc=ace,dc=com
      cn=Users,dc=ace,dc=com
      ```

    2. In Administrator Bind DN, type the administrator bind DN for queries to the LDAP directory. Examples for syntax of bind DN are:

      ```
      domain/user name
      ou=administrator,dc=ace,dc=com
      user@domain.name (for Active Directory)
      cn=Administrator,cn=Users,dc=ace,dc=com
      ```

      For Active Directory, the group name specified as cn=groupname is required. The group name that you define in Citrix Gateway and the group name on the LDAP server must be identical.

      For other LDAP directories, the group name either is not required or, if required, is specified as ou=groupname.

      Citrix Gateway binds to the LDAP server using the administrator credentials and then searches for the user. After locating the user, Citrix Gateway unbinds the administrator credentials and rebinds with the user credentials.

    3. In Administrator Password and Confirm Administrator Password, type the administrator password for the LDAP server.

  10. To retrieve additional LDAP settings automatically, click Retrieve Attributes.

    When you click Retrieve Attributes, the fields under Other Settings populate automatically. If you don’t want to do this, continue with Steps 12 and 13. Otherwise, skip to Step 14.

  11. Under Other Settings, in Server Logon Name Attribute, type the attribute under which Citrix Gateway should look for user logon names for the LDAP server that you are configuring. The default is samAccountName.

  12. In Group Attribute, leave the default memberOf for Active Directory or change the attribute to the attribute of the LDAP server type you are using. This attribute enables Citrix Gateway to obtain the groups associated with a user during authorization.

  13. In Security Type, select the security type and then click Create.

  14. To allow users to change their LDAP password, select Allow Password Change.

    Note: If you select PLAINTEXT as the security type, allowing users to change their passwords is not supported.

Note: If you select PLAINTEXT or TLS for security, use port number 389. If you select SSL, use port number 636.
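
The port and security-type rules from the notes above, and the base DN derivation described in step 9, can be turned into a check to run before the settings are entered. This is an added example, not Citrix code; the profile keys (`security_type`, `port`, `bind_dn`, `base_dn`, `allow_password_change`) are hypothetical names chosen for illustration.

```python
# Added example, not Citrix code. Profile keys are hypothetical names.
EXPECTED_PORT = {"PLAINTEXT": 389, "TLS": 389, "SSL": 636}  # per the port note


def split_dn(dn):
    """Split a DN into RDNs on commas that are not backslash-escaped."""
    rdns, current, escaped = [], "", False
    for ch in dn:
        if escaped or ch != ",":
            current += ch
            escaped = (ch == "\\") and not escaped
        else:
            rdns.append(current.strip())
            current = ""
    rdns.append(current.strip())
    return rdns


def derive_base_dn(bind_dn):
    """Drop the leading (user name) RDN from a bind DN, as step 9 describes."""
    return ",".join(split_dn(bind_dn)[1:])


def check_ldap_profile(p):
    """Return findings for one LDAP server profile given as a dict."""
    sec = p["security_type"].upper()
    if sec not in EXPECTED_PORT:
        return [f"unknown security type {sec}"]
    findings = []
    if p["port"] != EXPECTED_PORT[sec]:
        findings.append(f"{sec} expects port {EXPECTED_PORT[sec]}, got {p['port']}")
    if sec == "PLAINTEXT":
        findings.append("PLAINTEXT: bind passwords cross the network unencrypted")
        if p.get("allow_password_change"):
            findings.append("password change is not supported with PLAINTEXT")
    # Only DN-style bind names can be reduced; domain/user and user@domain are skipped.
    if not p.get("base_dn") and "=" in p["bind_dn"]:
        findings.append("base DN empty; candidate: " + derive_base_dn(p["bind_dn"]))
    return findings


if __name__ == "__main__":
    sample = {  # constructed sample values
        "security_type": "PLAINTEXT", "port": 636, "allow_password_change": True,
        "bind_dn": "cn=Administrator,cn=Users,dc=ace,dc=com", "base_dn": "",
    }
    for finding in check_ldap_profile(sample):
        print(finding)
```

The derived base DN is only a starting point: the page says the base DN is usually, not always, the bind DN minus the user name.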
