Add Directory Server screen details

A directory server is the physical or virtual machine that hosts the authentication directory service.

Screen component Description
IP address or host name

The IP address or host name of the server that hosts the authentication directory service. You must specify this information so that the appliance can access it.

Examples:

192.0.2.0

corpldap.example.com

Port

The LDAPS (LDAP over SSL) port to be used.

The appliance and the authentication directory service use LDAPS when communicating.

Data type:

Numeric characters

Default values:

636 (SSL)

3269 (SSL Global Catalog searches)

Specify certificate

Installing a certificate ensures the integrity and authenticity of communication between the appliance and the authentication directory service.

If you leave this check box unchecked, the appliance attempts to fetch the server certificate chain and trusts the topmost certificate (either root CA or intermediate CA) that it can reach.

Selecting this check box reveals the Directory server certificate field, in which you can paste an X.509 certificate that you copied from the directory service provider.


NOTES:

  • The public key for the directory server certificate must be based on an RSA algorithm. Non-RSA based public keys are not supported.

  • If directory-server-host is a DNS server that uses a load balancing method, also referred to as round robin DNS, you will need to get the certificate for the server using its IP address.

    You can retrieve the IP address for a round robin DNS server with the nslookup command. For example, if the server is regionspecific.cpqcorp.net, retrieve its IP address with the command:

    nslookup regionspecific.cpqcorp.net
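
One way to carry out the round robin step above and confirm the RSA requirement before pasting a certificate into the Directory server certificate field. This is an added example, not part of the original documentation: the function names are hypothetical, and it assumes `openssl` and `getent` are installed on the workstation (`getent` stands in for `nslookup` because its output is easier to parse).

```shell
#!/bin/sh
# Added example: collect the LDAPS certificate from each address behind a
# round robin name and check that its public key is RSA.
# All function names here are hypothetical, chosen for illustration.

# Succeeds only when the PEM certificate in file $1 carries an RSA public key.
cert_is_rsa() {
    openssl x509 -in "$1" -noout -text 2>/dev/null |
        grep -q 'Public Key Algorithm: rsaEncryption'
}

# Prints the SHA-256 fingerprint of the PEM certificate in file $1.
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# Lists the IPv4 addresses that the name $1 resolves to, one per line.
resolve_all() {
    getent ahostsv4 "$1" | awk '{print $1}' | sort -u
}

# Saves the leaf certificate presented at address $1, port $2, to file $3.
# Fails when the server presents nothing that parses as a certificate.
fetch_cert() {
    openssl s_client -connect "$1:$2" </dev/null 2>/dev/null |
        openssl x509 -outform PEM >"$3"
}

# Fetches and checks the certificate of every server behind name $1 (port $2).
# Returns non-zero if any server has no certificate or a non-RSA key.
audit_directory_servers() {
    host=$1 port=${2:-636} rc=0
    for ip in $(resolve_all "$host"); do
        pem="ldaps-$ip.pem"
        if ! fetch_cert "$ip" "$port" "$pem"; then
            echo "$ip: no certificate retrieved"; rc=1; continue
        fi
        if cert_is_rsa "$pem"; then key=RSA; else key=non-RSA; rc=1; fi
        echo "$ip: key=$key sha256=$(cert_fingerprint "$pem") file=$pem"
    done
    return $rc
}

# Runs only when a host name is given, e.g.: sh audit.sh corpldap.example.com 636
if [ "$#" -ge 1 ]; then audit_directory_servers "$@"; fi
```

Compare each printed fingerprint with one obtained from the directory service administrator before pasting the contents of the matching PEM file into the appliance.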




See also  

Add an authentication directory service