You can add a subset of domain objects (organizations, users, and groups) from an LDAP-based domain controller as a separate entity in the Command Center using LDAP attributes and filters.
This task is useful when configuring domain controllers for a mutli-tenant environment. For more information, see Examples of Configuring Domain Controllers for Multi-Tenant Environments.
Procedure
This procedure demonstrates how to register an organization within an AD domain controller using the base DN (distinguishedName) attribute.
-
From the navigation pane, go to Manage > Security > Identity server.
The Identity servers page appears.
-
In the upper-right corner of the page, click Add.
The Add domain dialog box appears.
-
On the LDAP tab, from the Directory type list, select LDAP server.
-
Enter the access information (Host, Username, and Password) for the domain controller.
-
Under Attribute Map, in the base DN row, click the edit button .
-
Replace the default value [baseDN] with the distinguishedName attribute for the AD organization that you want to add.
For example, an organization named Finance in the domain controller CompanyA might have the distinguishedName attribute OU=Finance,DC=CompanyA,DC=com.
-
Click the check button to save the new base DN value.
Note
Similarly, you can edit the User group filter and User filter attributes to further filter the groups and users you want to include in the domain controller entity For more information, see Domain Controller Settings for an LDAP Server.