Security > Proxy user authentication > Multiple realm authentication > Creating an LDAP authentication realm rule

After entering all specifiers, you must click Add before you click Apply. If Apply is clicked first, or the edit window is closed, all entry fields are cleared.

1. If Content Gateway is a transparent proxy, go to Configure > Security > Access Control and review and adjust the Transparent Proxy Authentication settings.
2. Go to Configure > Security > Access Control > Authentication Realms. A list of all existing authentication realm rules is displayed at the top of the page.
3. Click Edit file to open the rule editor.
4.
5. Select Enable if you want the rule to be active when the rule definition process is complete.
6. Give the rule a unique Rule Name. A short, descriptive name makes administration of rules easier.
7. If the rule is to be applied to specific IP addresses, in the Source IP field, enter a comma-separated list of individual IP addresses and IP address ranges. Do not use spaces. For example:
8. To apply the rule to specific User-Agent values, enter POSIX-compliant regular expressions to match the desired values. To specify a common browser type, select a predefined regex from the drop-down list and click Add.
9. If the rule is for traffic coming in on a specific port, select the Proxy Port from the drop-down list. This option is valid with explicit proxy only.
10. Cookie Mode Caching: When users are NATed or are routed through a proxy chain, resulting in multiple users with the same IP address, you can enable Cookie Mode Caching to identify unique users and cache their credentials.
    - For transparent deployments, Redirect Hostname must be defined on the Configure > Security > Access Control > Transparent Proxy Authentication tab.
    - When the browser is Internet Explorer, the full proxy hostname in the form "http://host.domain.com" must be added to the Local intranet zone.
    - When the browser is Chrome, it must be configured to allow third-party cookies (this is not set by default), or configured for an exception to allow cookies from the proxy hostname in the form "host.domain.com".
11. To specify an alias name to send to Filtering Service, open Advanced Settings and select Aliasing. In the field, specify the name to use. If no name is specified (the entry field is left blank), Web Security will behave as configured when servicing requests that do not include a user name. For more information about aliasing, see Unknown users and the 'alias' option.
12. In the LDAP Server Name field, enter the fully qualified domain name and port number, or IP address of the LDAP server.
13. If the LDAP server port is other than the default (389), in the LDAP Server Port field, enter the LDAP server port.
14. Enter the LDAP Base Distinguished Name. Obtain this value from your LDAP administrator.
15. Optionally, enter the LDAP UID filter. Use this field to specify the server type when it differs from the Server Type value specified on the LDAP tab (the default value). Enter sAMAccountName for Active Directory, or uid for any other service.
16. In the Bind DN field, enter the bind distinguished name. This must be a Full Distinguished Name of a user in the LDAP directory service. For example:
17.
18. Check Secure LDAP if you want Content Gateway to use secure communication with the LDAP server.
21. Click Add to add the rule.
23. Click Apply and then restart Content Gateway to put the rule into effect.
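
The LDAP fields in steps 12 through 18 can be checked before they are typed into the rule editor. The following is an added example, not Content Gateway code: the dictionary keys and sample values are hypothetical, and the check only applies the constraints stated in the steps above (FQDN or IP address, default port 389, sAMAccountName or uid, a full distinguished name for Bind DN, Secure LDAP on).

```python
import ipaddress
import re

# Added example: key names mirror the rule editor labels; the dict layout is hypothetical.
_RDN = re.compile(r"^[A-Za-z][A-Za-z0-9-]*=.+$")
_FQDN = re.compile(r"^(?=.{1,253}$)([A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.)+[A-Za-z]{2,63}$")

def is_dn(value, min_rdns):
    """True if value is comma-separated attr=value RDNs (an escaped '\\,' stays in the value)."""
    parts = [p.strip() for p in re.split(r"(?<!\\),", value)]
    return len(parts) >= min_rdns and all(_RDN.match(p) for p in parts)

def host_ok(name):
    """Accept an IP address or FQDN, with or without a trailing :port."""
    for candidate in (name, re.sub(r":\d{1,5}$", "", name)):
        try:
            ipaddress.ip_address(candidate)
            return True
        except ValueError:
            if _FQDN.match(candidate):
                return True
    return False

def check_realm_rule(rule):
    """Return findings for one set of LDAP realm rule values."""
    findings = []
    if not host_ok(rule.get("ldap_server_name", "")):
        findings.append("LDAP Server Name: not an FQDN or IP address")
    port = rule.get("ldap_server_port", 389)  # 389 is the default named on the page
    if not (isinstance(port, int) and 1 <= port <= 65535):
        findings.append("LDAP Server Port: not a valid TCP port")
    if not is_dn(rule.get("base_dn", ""), 1):
        findings.append("LDAP Base Distinguished Name: not a DN")
    if rule.get("uid_filter") not in (None, "", "sAMAccountName", "uid"):
        findings.append("LDAP UID filter: expected sAMAccountName or uid")
    if not is_dn(rule.get("bind_dn", ""), 2):
        findings.append("Bind DN: not a full DN (login names are rejected)")
    if not rule.get("secure_ldap", False):
        findings.append("Secure LDAP: off, LDAP traffic to the server is unencrypted")
    return findings

# Constructed sample values, not taken from any real deployment.
GOOD = {"ldap_server_name": "dc01.corp.example.test", "ldap_server_port": 389,
        "base_dn": "DC=corp,DC=example,DC=test", "uid_filter": "sAMAccountName",
        "bind_dn": "CN=svc-proxy,OU=Service Accounts,DC=corp,DC=example,DC=test",
        "secure_ldap": True}
BAD = {"ldap_server_name": "dc01", "base_dn": "corp.example.test", "uid_filter": "cn",
       "bind_dn": "svc-proxy@corp.example.test", "secure_ldap": False}
```

`check_realm_rule(GOOD)` returns an empty list; `check_realm_rule(BAD)` returns one finding each for the server name, base DN, UID filter, Bind DN and Secure LDAP setting.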