Repository Configuration

Configure Active Directory Repository

1. Under the “User Repositories” tab of the PortalGuard Configuration Editor, select the existing “Active Directory” repository and click the “Edit” button.

2. On the “LDAP Basic” tab click the “Config/DN lookup” button.

3. Verify that the Domain and Base DN values on the “Generic User” popup are correct. They will be correct if the server has been joined to the domain. On the same dialog, enter the short name of a “generic” service user account (this account only needs to have “read” permission) and click “OK”.

4. Verify the settings on the next dialog and click “OK”.

5. Enter the password for the Generic User.

6. Click the “Test Settings” button.

7. Clicking the “Test Settings” button should result in the “Validated settings” pop-up. If this message does not display, consult the troubleshooting section of this document.

8. Click the “OK” button to continue.

9. Click on the “Native Windows” tab.

10. Check the “Native Windows Authentication” check box only if the server is joined to your AD domain. If not, skip to step 16.

11. If the server is joined to the domain, the “AD Admin Domain” and “Default AD Domain” fields will already be correctly populated.

12. Enter the short name of a user with administrative privileges.

13. Enter the password for the administrative user.

14. Clicking the “Test Settings” button should result in the below “Validated settings” pop-up. If this message does not display, consult the troubleshooting section of this document.

15. Click the “OK” button to continue.

16. Click the “Help Desk” tab.

17. Click the “Add” button.

18. Enter the short name of an account you want to be able to modify users of this repository.

19. Click “OK”.

20. Repeat steps 15 and 16 for all the accounts that should have access to modify users of this repository.

21. Click “Save”.

Configure Domino LDAP Repository (Optional)

1. Under the “User Repositories” tab of the PortalGuard Configuration Editor, select the existing “Active Directory” repository and click the “Edit” button.

2. Change the “Active Directory” text in the “Name” field to “Domino LDAP”.

3. Change the “Active Directory” text in the “Display Name” field to “Domino LDAP”.

4. Leave the “Repository Type” field set to “LDAP”.

On the “LDAP Basic” tab:

1. Select the “IBM Lotus Domino” value from the drop down in the “Vendor” field.

2. Set the “Server” field to the DNS name or IP address of the Domino LDAP server. For failover, multiple servers can be specified by separating each with a single space.

3. Set the “Port” field to 636.

4. Set the “Protection” field to “SSL (Encryption)”.

5. Set the “Base DN” field to the correct DN. Replace “O=Organization” with yours.

6. Set the “Generic User” field to the fully qualified name of the Domino administrator created for this PortalGuard POC, e.g. cn=administrator, cn=users,dc=company,dc=com

7. Enter the password for the administrator account.

8. Click the “Test Settings” button.

9. Clicking the “Test Settings” button should result in this “Validated settings” pop-up. If this message does not display, look in the troubleshooting section of this document.

10. Click the “OK” button to continue.

On the “LDAP Advanced” tab:

11. Set the “Login Field” and “Mapping Field” to “uid”.

12. Click the “Save” button.

13. SSL will have to be enabled on the Domino server. If needed, this link explains how to SSL enable Domino.

Configure Multiple Primary Repositories (Optional)

1. Configure as many repositories as are required, following the guidelines above for creating PortalGuard User Repositories.

2. From the “Resolution” tab of each user repository configure them as follows:

1. Verify the “Allow as Primary?” check box is enabled.

2. Choose one of the following three options for specifying which repository the user wants to log in against at the PortalGuard prompt:

A. Enter a “Prefix” value that the user should enter in front of their username. Usually this is the domain name, and the “\” character should be included. An example entry, “mydomain\”, specified here would tell PortalGuard to use this directory if the user Jack Maher entered his username as “mydomain\jmaher”. Select the “Remove After Resolution?” checkbox if the specified prefix value should not be used during the search for the user. (see screenshot below)

B. Enter a “Suffix” value that the user should include at the end of their username. This is usually the domain name preceded by the “@” symbol and looks like an email address. An example entry, “@mydomain”, specified here would tell PortalGuard to use this directory if the user Jack Maher entered his username as “jmaher@mydomain”. Select the “Remove After Resolution?” checkbox if the specified prefix value should not be used during the search for the user. (see screenshot below)

C. To tell PortalGuard to use this directory if the user uses a specific hostname in the navigation URL when accessing the PG login prompt, make an entry in the “Host Names” field with that hostname value.
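
The resolution rules in options A to C can be modelled in a few lines to see which repository a given login would select and which name would be searched for. This is an added illustration, not PortalGuard code: the field names, the “Partner LDAP” repository, the host names, case-insensitive matching and the first-match order are all assumptions of the model.

```python
from dataclasses import dataclass
from typing import Optional, Sequence, Tuple

@dataclass
class Repository:
    """Settings from one repository's "Resolution" tab (field names are hypothetical)."""
    name: str
    allow_as_primary: bool = True
    prefix: str = ""                  # e.g. "mydomain\"
    suffix: str = ""                  # e.g. "@mydomain"
    host_names: Tuple[str, ...] = ()
    remove_after_resolution: bool = False

def resolve(username: str, host: str,
            repos: Sequence[Repository]) -> Optional[Tuple[str, str]]:
    """Return (repository name, name used for the directory search), or None.

    Assumed for this model: matching ignores case, repositories are tried in
    list order, and prefix is checked before suffix before host name.
    """
    user_l, host_l = username.lower(), host.lower()
    for repo in repos:
        if not repo.allow_as_primary:
            continue
        if repo.prefix and user_l.startswith(repo.prefix.lower()):
            bare = username[len(repo.prefix):]
        elif repo.suffix and user_l.endswith(repo.suffix.lower()):
            bare = username[:-len(repo.suffix)]
        elif host_l in (h.lower() for h in repo.host_names):
            return repo.name, username
        else:
            continue
        if not bare:
            return None  # only the marker was typed: never search for an empty name
        return repo.name, (bare if repo.remove_after_resolution else username)
    return None

# Constructed sample configuration reusing the example values from the steps above.
REPOS = [
    Repository("Active Directory", prefix="mydomain\\", remove_after_resolution=True),
    Repository("Domino LDAP", suffix="@mydomain"),
    Repository("Partner LDAP", host_names=("partners.example.com",)),
]

if __name__ == "__main__":
    for user, host in [("mydomain\\jmaher", "login.example.com"),
                       ("jmaher@mydomain", "login.example.com"),
                       ("jmaher", "partners.example.com"),
                       ("jmaher", "login.example.com")]:
        print(f"{user!r} via {host}: {resolve(user, host, REPOS)}")
```

A login that matches no prefix, suffix or host name resolves to no repository in this model, which is the case to test for after adding or renaming a repository.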