12.5. Users Catalogs

To work with users catalogs, a correctly configured LDAP connector is needed that enables information to be obtained on users and groups from Active Directory or other LDAP servers. The users and groups can be used in configuring policies applied to managed devices.


Auth servers configured in managed device templates are not used to specify users or groups in policy rules.

To create a catalog, click Add and provide these settings:




Enables or disables this LDAP connector.


The name of the LDAP connector.


This specifies whether SSL is required to connect to the LDAP server.

LDAP domain name or IP address

The IP address of the domain controller, the domain controller FQDN or the domain FQDN (e.g., test.local). If the domain controller FQDN is specified, UserGate will obtain the domain controller's address using a DNS request. If the domain FQDN is specified, UserGate will use a backup domain controller if the primary one fails.

Bind DN ("login")

The username for connecting to the LDAP server. Must be in the DOMAIN\username or username@domain format. This user must be already created in the domain.


The user's password for connecting to the domain.

LDAP domains

The list of domains served by the specified domain controller, e.g., in case of a domain tree or an Active Directory domain forest. Here you can also specify the short NetBIOS domain name.

Search roots

The list of LDAP server paths relative to which the system will search for users and groups. Specify the full name, e.g., ou=Office,dc=example,dc=com.

After creating a server, you should validate the settings by clicking Check connection. If your settings are correct, the system will report that; otherwise, it will tell you why it cannot connect.

To add an LDAP user or user group to the rule properties, click Add LDAP user/Add LDAP group in the rule properties, type at least one character present in the names of the desired objects in the search field, and then click Search and select the users or groups of interest.