LDAP authentication is similar to Active Directory authentication, except that the ISA Server computer does not have to be a member of the domain. ISA Server 2006 connects to a configured LDAP server over the LDAP protocol to authenticate the user. Every Windows domain controller is also an LDAP server, by default, with no additional configuration changes required. By using LDAP authentication, you get the following benefits:
ISA Server 2006 Standard Edition server or ISA Server 2006 Enterprise Edition array members in workgroup mode. When ISA Server is installed in a perimeter network, you no longer need to open all of the ports required for domain membership.
Authentication of users in a domain with which there is no trust relationship.
For more information about LDAP configuration, see Appendix B of the Secure Application Publication article on Microsoft TechNet: http://www.microsoft.com/technet/isa/2006/secure_web_publishing.mspx#AppendixB
Create an LDAP Server Set
Perform the following procedure to create an LDAP Server set:
For Standard Edition, perform the following procedure on computer isa01.
For Enterprise Edition, perform the following procedure on computer storage01.
Click Back to make changes and Finish to complete the wizard.
1. Click the Apply button in the details pane to save the changes and update the configuration.
Set the Idle Session Timeout for All Firewalls and Network Appliances to 1800 seconds
In this step, you will modify the idle session timeout on all firewalls, proxy servers, and other network appliances to accommodate the time required for the direct push technology to function successfully.
The default idle session timeout in ISA Server 2006 is 1800 seconds, so you should not need to modify it.
For more information about modifying the idle session timeout, see "Configuring your Firewall for Optimal Direct Push Performance" in the Best Practices for Deploying a Mobile Messaging Solution section in this document.
To confirm the firewall Idle Session Timeout
1. In the console tree of ISA Server Management, click Firewall Policy.
2. On the Toolbox tab, click Network Objects.
3. From the list of folders, expand the Web Listeners node, and view the Properties of the appropriate Web Listener.
4. Select the Connections tab and then click the Advanced… button.
5. Make sure the Connection Timeout is set at 1800 seconds (30 minutes). Change it if needed.