LDAP Servers with Multiple OUs

Tenable’s SecurityCenter LDAP configuration does not support the direct addition of multiple Organizational Units (OUs) in the LDAP configuration screen. Two deployment options are possible for those with multiple OUs.

Option 1 (Recommended)

  • Add a container (e.g., group) only for SecurityCenter users.
  • Allow existing Active Directory users to become members of the newly created group.
  • Use the Distinguished Name (DN) of this group as the Search Base. For example: CN=SecurityCenter,DC=target,DC=example,DC=com.

When you complete these changes, new users who are members of this group can log in immediately. No restart is required.

Example

  1. Log in as an admin user.
  2. Click System > Configuration > LDAP.

  3. Log out as the admin user.
  4. Log in as the organizational user who manages the user in question.
  5. Create the new user and set the LDAP Search String as =*.

Option 2

Use a high-level Search Base in the LDAP configuration. For example: DC=target,DC=example,DC=com.

The example above could be used along with a Search String for global usage. As another example, you might use the following search string, which, when used in the configuration, applies to all LDAP searches:

memberOf=CN=nested1,OU=cftest1,DC=target,DC=example,DC=com

Note: This option is limited to 128 characters.

Example

  1. Log in as an admin user.
  2. Click System > Configuration > LDAP.

  3. Click Test LDAP Settings to test configurations.
  4. Log out.
  5. Log in as the organizational user who manages the user in question.
  6. Create the new user:

  7. Select LDAP as the Type.
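
The following Python sketch is an added example, not Tenable code: it models which directory entries Option 2 admits when a high-level Search Base is combined with a memberOf Search String. It assumes a subtree search and that the 128-character limit applies to the Search String; the sample users are constructed and all function names are hypothetical.

```python
# Added example (not Tenable code): model which entries Option 2 admits.
# Assumptions: subtree search scope; the 128-character note applies to the Search String.
SEARCH_STRING_LIMIT = 128

def split_dn(dn):
    """Split a DN into lower-cased RDNs, honouring backslash-escaped commas."""
    rdns, current, escaped = [], "", False
    for ch in dn:
        if ch == "," and not escaped:
            rdns.append(current)
            current = ""
        else:
            current += ch
            escaped = (ch == "\\") and not escaped
    rdns.append(current)
    return [r.strip().lower() for r in rdns if r.strip()]

def is_under_base(dn, search_base):
    """True when dn is the Search Base itself or lies beneath it."""
    d, b = split_dn(dn), split_dn(search_base)
    return bool(b) and d[-len(b):] == b

def parse_search_string(search_string):
    """Return (attribute, value) for 'attr=value'; enforce the length limit."""
    attr, sep, value = search_string.partition("=")
    if len(search_string) > SEARCH_STRING_LIMIT or not (sep and attr and value):
        raise ValueError("Search String must be attr=value, at most %d characters"
                         % SEARCH_STRING_LIMIT)
    return attr.strip().lower(), value.strip()

def user_in_scope(user, search_base, search_string):
    """True when the entry is under the base and satisfies the Search String."""
    attr, wanted = parse_search_string(search_string)
    if not is_under_base(user["dn"], search_base):
        return False
    values = [v for k, vs in user.items() if k != "dn" and k.lower() == attr for v in vs]
    if wanted == "*":  # presence filter: the attribute has any value
        return bool(values)
    return any(split_dn(v) == split_dn(wanted) for v in values)

# Constructed sample entries spread over two OUs (not from the original page).
BASE = "DC=target,DC=example,DC=com"
FILTER = "memberOf=CN=nested1,OU=cftest1,DC=target,DC=example,DC=com"
GROUP = ["CN=nested1,OU=cftest1,DC=target,DC=example,DC=com"]
USERS = [
    {"dn": "CN=alice,OU=cftest1," + BASE, "memberOf": GROUP},
    {"dn": "CN=bob,OU=cftest2," + BASE, "memberOf": [g.lower() for g in GROUP]},
    {"dn": "CN=carol,OU=cftest2," + BASE, "memberOf": []},
    {"dn": "CN=dave,OU=cftest1,DC=other,DC=example,DC=com", "memberOf": GROUP},
]
ADMITTED = [u["dn"] for u in USERS if user_in_scope(u, BASE, FILTER)]
```

Only alice and bob are admitted: they sit in different OUs but both are under the Search Base and are members of the group, while carol lacks the membership and dave is outside the base.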

Copyright 2017 Tenable, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter, SecurityCenter Continuous View and Log Correlation Engine are registered trademarks of Tenable, Inc.  Tenable, Tenable.io, Assure, and The Cyber Exposure Company are trademarks of Tenable, Inc.  All other products or services are trademarks of their respective owners.