LDAP Servers with Multiple OUs

Tenable’s SecurityCenter LDAP configuration does not support the direct addition of multiple Organizational Units (OUs) in the LDAP configuration page. Two deployment options are possible for those with multiple OUs.

For general information about LDAP Servers, see LDAP Servers.

Option 1 (Recommended)

When you complete these changes, new users who are members of the new LDAP group can log in immediately. No restart is required.

Before you begin:

  • In LDAP, add a new group for SecurityCenter users.
  • In LDAP, allow existing Active Directory users to become members of the new group.

To configure LDAP with multiple OUs (Option 1):

  1. Log in to SecurityCenter as an administrator user.

  2. Click Resources > LDAP Servers.
  3. Add the LDAP server, as described in Add an LDAP Server.

    Note: Use the Distinguished Name (DN) of the new group as the Search Base (e.g., CN=SecurityCenter,DC=target,DC=example,DC=com).

  4. Log out of SecurityCenter.
  5. Log in to SecurityCenter as the organizational user you want to manage the users.
  6. Create a user account for each Active Directory user in the new group, as described in Add a User.

    Set the LDAP Search String as =*.

Option 2

Use a high-level Search Base in the LDAP configuration. For example: DC=target,DC=example,DC=com.

The example above could be used along with a Search String for global usage. As another example, you might use the following search string, which, when used in the configuration, applies to all LDAP searches:

memberOf=CN=nested1,OU=cftest1,DC=target,DC=example,DC=com

Note: This option is limited to 128 characters.

To configure LDAP with multiple OUs (Option 2):

  1. Log in to SecurityCenter as an administrator user.

  2. Click Resources > LDAP Servers.
  3. Begin configuring the LDAP server, as described in Add an LDAP Server.

  4. Click Test LDAP Settings to test configurations.
  5. Log out of SecurityCenter.
  6. Log in to SecurityCenter as the organizational user you want to manage the users.
  7. Create a user account for each Active Directory user, as described in Add a User.

    Note: Select LDAP as the Type.
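Before relying on a high-level Search Base, it helps to preview which accounts the base and Search String admit together. The following is an added example, not Tenable code: it evaluates the Search Base and memberOf Search String from Option 2 against constructed directory entries (the users alice, bob, carol and dave are hypothetical) and assumes the 128-character limit applies to the Search String.

```python
MAX_LEN = 128  # assumption: the page's 128-character limit applies to the Search String

def split_dn(dn):
    """Split a DN into lowercased RDNs, honoring backslash-escaped commas."""
    parts, cur, esc = [], "", False
    for ch in dn:
        if ch == "," and not esc:
            parts.append(cur.strip().lower())
            cur = ""
        else:
            cur += ch
        esc = (ch == "\\" and not esc)
    parts.append(cur.strip().lower())
    return parts

def under_base(dn, base):
    """True when dn is at or below base, compared on whole RDNs."""
    d, b = split_dn(dn), split_dn(base)
    return len(d) >= len(b) and d[len(d) - len(b):] == b

def parse_search_string(s):
    """Accept the simple attribute=value form shown on the page, within the limit."""
    if len(s) > MAX_LEN:
        raise ValueError(f"search string is {len(s)} characters; limit is {MAX_LEN}")
    attr, sep, value = s.partition("=")
    if not (sep and attr and value):
        raise ValueError("expected attribute=value")
    return attr.lower(), split_dn(value)

def matching_users(entries, base, search_string):
    """DNs under base whose attribute contains the DN named in the search string."""
    attr, want = parse_search_string(search_string)
    return [e["dn"] for e in entries
            if under_base(e["dn"], base)
            and any(split_dn(v) == want for v in e.get(attr, []))]

GROUP = "CN=nested1,OU=cftest1,DC=target,DC=example,DC=com"  # group DN from the page
BASE = "DC=target,DC=example,DC=com"                          # Search Base from the page
# Constructed directory entries (hypothetical users, not from a real server).
ENTRIES = [
    {"dn": "CN=alice,OU=cftest1,DC=target,DC=example,DC=com", "memberof": [GROUP]},
    {"dn": "CN=bob,OU=cftest2,DC=target,DC=example,DC=com", "memberof": [GROUP.lower()]},
    {"dn": "CN=carol,OU=cftest2,DC=target,DC=example,DC=com", "memberof": []},
    {"dn": "CN=dave,OU=staff,DC=other,DC=example,DC=com", "memberof": [GROUP]},
]

if __name__ == "__main__":
    for dn in matching_users(ENTRIES, BASE, "memberOf=" + GROUP):
        print(dn)
```

A plain memberOf equality match covers direct members only; a user who belongs through a nested group carries the inner group's DN in memberOf and would not appear in the result.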

Copyright 2017 - 2018 Tenable, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter, SecurityCenter Continuous View and Log Correlation Engine are registered trademarks of Tenable, Inc. Tenable, Tenable.io, Assure, and The Cyber Exposure Company are trademarks of Tenable, Inc. All other products or services are trademarks of their respective owners.