D-Link DFL-260E User Manual for DFL-260E - Page 392
8.2.4. External LDAP Servers
Chapter 8. User Authentication

The Membership Attribute defines which groups a user is a member of. This is similar to the way a user belongs to either the admin or audit database group in NetDefendOS. This is another tuple defined by the server's database schema and the default ID is MemberOf. In Microsoft Active Directory, the groups a user belongs to can be found by looking at a user's details under the MemberOf tab.

• Use Domain Name
Some servers require the domain name in combination with a username for performing successful authentication. The domain name is the host name of the LDAP server, for example myldapserver. The choices for this parameter are:

i. Do Not Use - This will not modify the username in any way. For example, testuser.
ii. Username Prefix - When authenticating, this will put the domain name followed by \ in front of the username. For example, myldapserver/testuser.
iii. Username Postfix - When authenticating, this will add @ followed by the domain name after the username. For example, testuser@myldapserver.

If the choice is other than Do Not Use, the Domain Name parameter option described below should be specified. Different LDAP servers could handle the domain name differently so the server's requirements should be checked. Most versions of Windows Active Directory require the Postfix option to be used.

• Routing Table
The NetDefendOS routing table where route lookup will be done to resolve the server's IP address into a route. The default is the main routing table.

Database Settings

The Database Settings are as follows:

• Base Object
Defines where in the LDAP server tree search for user accounts shall begin. The users defined on an LDAP server database are organized into a tree structure. The Base Object specifies where in this tree the relevant users are located. Specifying the Base Object has the effect of speeding up the search of the LDAP tree since only users under the Base Object will be examined.
Important: The Base Object must be specified correctly

If the Base Object is specified incorrectly then this can mean that a user will not be found and authenticated if they are not in the part of the tree below the Base Object. The recommended option is therefore to initially specify the Base Object as the root of the tree.

The Base Object is specified as a comma-separated domainComponent (DC) set. If the full domain name is myldapserver.local.eu.com and this is the Base Object then this is specified as:

DC=myldapserver,DC=local,DC=eu,DC=com

The username search will now begin at the root of the myldapserver tree.
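The following is an added example, not part of the D-Link manual or NetDefendOS. It derives the Base Object from a domain name and shows which user entries fall inside the search scope for a given Base Object. The user DNs, the OU names and the function names are constructed for illustration, and the DN comparison is a simplified case-insensitive match rather than full LDAP normalization.

```python
def split_dn(dn):
    """Split a DN into lower-cased (attribute, value) pairs; escaped commas stay in the value."""
    parts, cur, escaped = [], [], False
    for ch in dn:
        if escaped:
            cur.append(ch)
            escaped = False
        elif ch == "\\":
            cur.append(ch)
            escaped = True
        elif ch == ",":
            parts.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
    parts.append("".join(cur))
    rdns = []
    for part in parts:
        if part.strip():
            attr, _, value = part.strip().partition("=")
            rdns.append((attr.strip().lower(), value.strip().lower()))
    return rdns

def base_object_from_domain(domain):
    """myldapserver.local.eu.com -> DC=myldapserver,DC=local,DC=eu,DC=com"""
    return ",".join("DC=" + label for label in domain.split("."))

def is_under_base(user_dn, base_object):
    """True if the entry lies at or below the Base Object (its DN ends with the base DN)."""
    user, base = split_dn(user_dn), split_dn(base_object)
    return len(user) >= len(base) and user[len(user) - len(base):] == base

def users_in_scope(base_object, user_dns):
    """Entries a search starting at base_object is able to examine."""
    return [dn for dn in user_dns if is_under_base(dn, base_object)]

# Constructed sample entries (not from the manual).
SAMPLE_USERS = [
    "CN=testuser,OU=Staff,DC=myldapserver,DC=local,DC=eu,DC=com",
    "CN=Smith\\, Ann,OU=Contractors,DC=myldapserver,DC=local,DC=eu,DC=com",
    "CN=other,DC=elsewhere,DC=com",
]

if __name__ == "__main__":
    root = base_object_from_domain("myldapserver.local.eu.com")
    narrow = "OU=Staff," + root
    print("root  :", users_in_scope(root, SAMPLE_USERS))
    print("narrow:", users_in_scope(narrow, SAMPLE_USERS))
```

With the narrower Base Object, the Contractors entry is outside the search scope, so that user would not be found and could not authenticate.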