Configure multiple LDAP servers

Multiple-LDAP functionality enables you to configure additional LDAP servers and retrieve rule object values from other LDAP servers.

Additional LDAP servers are configured in the custom properties file, with this structure and content:

multi.ldap.<N>.name=<LDAP server name>

multi.ldap.<N>.rootPath=<LDAP server root path>

multi.ldap.<N>.base=<LDAP server base>

multi.ldap.<N>.domain=<LDAP server domain name>

multi.ldap.<N>.username=<Username to connect to LDAP server2>

multi.ldap.<N>.password=<Encrypted password3>

multi.ldap.<N>.url=<LDAP server URL>

Where N stands for a plain number in a running sequence of numbers.

After configuring the LDAP servers, the McAfee Database Security management server must be restarted.

The configured servers appear in the SystemInterfacesLDAP.

When you configure the LDAP server credentials, the LDAP server password is encrypted using the migration tool. Run migration_tool.bat (located in the bin directory), then follow the on-screen instructions.


This configuration allows using the additional LDAP servers only as rule object data sources. You can log on to the McAfee Database Security management servers with an AD user using only the primary configured LDAP server (the server configured on the interface SystemsInterfacesLDAP ).

Once additional LDAP servers are configured, rule object values can be populated using those servers. To reference a group in an additional LDAP server, the fully qualifying name of the group is required (groups from the primary LDAP server can still be addressed using the short names).

Auto-complete is available for both the primary LDAP server and other configured servers.