Rublon Authentication Proxy needs the ACCESS_USER_DN attribute to read Active Directory information during authentication. You need to set ACCESS_USER_DN to the Bind DN of a user who has Read rights in your Active Directory. We recommend you create a new user Rublon with Read-only rights and only use this user for Rublon binding purposes.
How to find the Bind DN?
Here’s how to find the Bind DN of a user:
Open the Command Prompt on your Domain Controller (the server where you installed Active Directory).
Run the following command: dsquery user -name Rublon
You will receive the Bind DN. Copy and set it as the value of the ACCESS_USER_DN field in your Rublon Authentication Proxy’s configuration file.
What Do the Parts of the Bind DN Query Mean?
Here’s an example of a Bind DN:
"CN=Rublon, OU=outestrublon, OU=outest, DC=test, DC=local"
Naturally, your Bind DN will be different, but it will have the CN, OU, and DC elements too, so it is good to know what they stand for.
CN = Common Name
OU = Organizational Unit
DC = Domain Component
Read from right to left, the Bind DN describes how to access the appropriate object in the Active Directory tree.
From the local Domain Component, find the test Domain Component.
In the test Domain Component, find the Organizational Unit called outest.
In the Organizational Unit called outest, find the Organizational Unit called outestrublon.
In the Organizational Unit called outestrublon, find the object that has a common name of Rublon.
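The right-to-left reading above can be checked with a short script before you paste a value into ACCESS_USER_DN. This is an added example, not part of Rublon's documentation or tooling: a simplified RFC 4514-style parser whose function names (`split_rdns`, `unescape`, `parse_dn`, `summarize`) are hypothetical. It also handles commas escaped inside a name, which a plain split on "," would break.

```python
import re

def split_rdns(dn):
    """Split a DN on commas that are not backslash-escaped."""
    parts, buf, i = [], [], 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            buf.append(dn[i:i + 2])      # keep the escape pair together
            i += 2
            continue
        if dn[i] == ",":
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(dn[i])
        i += 1
    parts.append("".join(buf))
    return parts

def unescape(value):
    """Decode \\XX hex pairs and single-character escapes such as \\, ."""
    out, i = bytearray(), 0
    while i < len(value):
        if value[i] == "\\" and re.fullmatch(r"[0-9A-Fa-f]{2}", value[i + 1:i + 3]):
            out.append(int(value[i + 1:i + 3], 16))
            i += 3
        elif value[i] == "\\" and i + 1 < len(value):
            out += value[i + 1].encode()
            i += 2
        else:
            out += value[i].encode()
            i += 1
    return out.decode("utf-8")

def parse_dn(raw):
    """Return [(attribute, value), ...] in the order written (leaf first)."""
    dn = raw.strip().strip('"')          # the example DN is shown in double quotes
    rdns = []
    for part in split_rdns(dn):
        attr, sep, value = part.strip().partition("=")
        if not sep or not attr.strip() or not value.strip():
            raise ValueError(f"malformed RDN: {part!r}")
        rdns.append((attr.strip().upper(), unescape(value.strip())))
    return rdns

def summarize(raw):
    rdns = parse_dn(raw)
    return {"object": rdns[0][1],
            "domain": ".".join(v for a, v in rdns if a == "DC"),
            "path_from_root": [f"{a}={v}" for a, v in reversed(rdns)]}

if __name__ == "__main__":
    print(summarize('"CN=Rublon, OU=outestrublon, OU=outest, DC=test, DC=local"'))
```
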