LDAP Servers with Multiple OUs
The LDAP configuration page in Tenable Security Center Director does not accept more than one Organizational Unit (OU) directly. If the users you want to authenticate are spread across multiple OUs, two deployment options are available.
For general information about LDAP Servers, see LDAP Authentication.
Option 1 (Recommended)
After you complete these steps, new users who are added to the group can log in immediately. No restart is required.
Before you begin:
- In LDAP, create a new group for Tenable Security Center Director users.
- In LDAP, add the existing Active Directory users who need access to the new group, regardless of which OU contains their accounts.
To configure LDAP with multiple OUs (Option 1):
- Log in to Tenable Security Center Director via the user interface.
- Click Resources > LDAP Servers.
- Add the LDAP server, as described in Add an LDAP Server.
  Note: Use the Distinguished Name (DN) of the new group as the Search Base (e.g., CN=Tenablesc,DC=target,DC=example,DC=com). Only members of this group are found, so membership in the group is what grants access.
- Log out of Tenable Security Center Director.
- Log in to Tenable Security Center Director as the organizational user who will manage these users.
- Create a user account for each Active Directory user in the new group, as described in Add an LDAP-Authenticated User.
  In the Search String box, type =*.
Option 2
Use a high-level Search Base in the LDAP configuration, one that sits above all of the OUs that contain your users. For example: DC=target,DC=example,DC=com.
A Search Base this broad should be combined with a Search String that restricts matches to the intended users. The Search String entered in the LDAP server configuration applies to every LDAP search that Tenable Security Center Director performs against that server. For example, the following search string matches only users that are members of the nested1 group, whichever OU their accounts are in:
memberOf=CN=nested1,OU=cftest1,DC=target,DC=example,DC=com
Note: The Search String field is limited to 128 characters. A plain memberOf= filter matches direct members of the group only.
To configure LDAP with multiple OUs (Option 2):
- Log in to Tenable Security Center Director via the user interface.
- Click Resources > LDAP Servers.
- Begin configuring the LDAP server, as described in Add an LDAP Server, using the high-level Search Base and the restricting Search String.
- Click Test LDAP Settings to verify the configuration before saving it.
- Log out of Tenable Security Center Director.
- Log in to Tenable Security Center Director as the organizational user who will manage these users.
- Create a user account for each Active Directory user, as described in Add an LDAP-Authenticated User.
  In the Search String box, type =*.
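The following Python script is an added example and is not Tenable's code. It models how Option 2 scopes user lookups (standard LDAP subtree scope under the Search Base, then a single attribute=value Search String applied to each entry) and runs the checks worth doing before pasting a Search String into the LDAP Servers page: RFC 4515 escaping of the group DN and the 128-character limit stated above. The sample directory, the user names and the Sales/Engineering OUs are constructed for illustration; the group DN and domain are the ones from the Option 2 example. Whether the Search String field accepts Active Directory's nested-membership matching rule is not stated in this documentation, so the script only notes it.

```python
"""Added example (not Tenable's code): model Option 2 scoping and
pre-flight the Search String. Directory contents are constructed."""
import re

SEARCH_STRING_MAX = 128  # field limit stated in the documentation


def escape_filter_value(value: str) -> str:
    """RFC 4515 escaping for a value placed inside an LDAP filter.
    A group DN containing '(' ')' '*' or '\\' would otherwise produce a
    malformed filter or match more entries than intended."""
    return ''.join('\\%02x' % ord(c) if c in '\\*()\x00' else c for c in value)


def unescape_filter_value(value: str) -> str:
    """Reverse of escape_filter_value (\\XX hex escapes back to characters)."""
    return re.sub(r'\\([0-9a-fA-F]{2})',
                  lambda m: chr(int(m.group(1), 16)), value)


def member_of_search_string(group_dn: str) -> str:
    """Build the Option 2 Search String for direct members of group_dn.
    Plain memberOf= does not see members of groups nested inside group_dn.
    Active Directory's rule memberOf:1.2.840.113556.1.4.1941:=<dn> does,
    but whether the Search String field accepts that syntax is an
    assumption to verify with Test LDAP Settings, so it is not used here."""
    return 'memberOf=' + escape_filter_value(group_dn)


def search_string_problems(search_string: str) -> list:
    """Checks before pasting: the documented 128-character limit and the
    attr=value shape used by the page's examples."""
    problems = []
    if len(search_string) > SEARCH_STRING_MAX:
        problems.append('exceeds %d characters (%d)'
                        % (SEARCH_STRING_MAX, len(search_string)))
    if '=' not in search_string:
        problems.append('missing "=" between attribute and value')
    return problems


def dn_is_under(entry_dn: str, search_base: str) -> bool:
    """Subtree scope: the entry is the base itself or sits beneath it.
    DNs are compared case-insensitively, as Active Directory does."""
    e = entry_dn.lower().replace(', ', ',')
    b = search_base.lower().replace(', ', ',')
    return e == b or e.endswith(',' + b)


def find_users(directory, search_base: str, search_string: str) -> list:
    """Return DNs of entries under search_base that satisfy a single
    attr=value Search String ('*' as the value means any value)."""
    attr, _, value = search_string.partition('=')
    attr, value = attr.lower(), unescape_filter_value(value).lower()
    hits = []
    for dn, attrs in directory:
        if not dn_is_under(dn, search_base):
            continue
        values = [v.lower() for v in attrs.get(attr, [])]
        if (value == '*' and values) or value in values:
            hits.append(dn)
    return hits


# Constructed sample directory: two group members in different OUs and
# one user in the same OU as alice who is not in the group.
GROUP_DN = 'CN=nested1,OU=cftest1,DC=target,DC=example,DC=com'
STAFF_DN = 'CN=Staff,DC=target,DC=example,DC=com'
DIRECTORY = [
    ('CN=alice,OU=Sales,DC=target,DC=example,DC=com',
     {'samaccountname': ['alice'], 'memberof': [GROUP_DN]}),
    ('CN=bob,OU=Engineering,DC=target,DC=example,DC=com',
     {'samaccountname': ['bob'], 'memberof': [GROUP_DN, STAFF_DN]}),
    ('CN=carol,OU=Sales,DC=target,DC=example,DC=com',
     {'samaccountname': ['carol'], 'memberof': [STAFF_DN]}),
]


def option2_users(directory=DIRECTORY) -> list:
    """Option 2 as documented: high-level Search Base plus memberOf= filter.
    Users in both OUs match; carol, not in the group, does not."""
    search_string = member_of_search_string(GROUP_DN)
    problems = search_string_problems(search_string)
    if problems:
        raise ValueError('; '.join(problems))
    return find_users(directory, 'DC=target,DC=example,DC=com', search_string)


def single_ou_users(directory=DIRECTORY) -> list:
    """Same filter with a Search Base of one OU: bob in Engineering is
    missed, which is why Option 2 needs a base above all the OUs."""
    return find_users(directory, 'OU=Sales,DC=target,DC=example,DC=com',
                      member_of_search_string(GROUP_DN))


if __name__ == '__main__':
    print('Option 2 (domain base):', option2_users())
    print('Sales OU base only:    ', single_ou_users())
```

The same check against the live directory is an ldapsearch with -b set to the Search Base and the Search String wrapped in parentheses as the filter, requesting sAMAccountName; if that returns users from every OU you expect and nothing else, the values are safe to enter in the LDAP Servers page.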