Lenovo RD220 User Guide - Page 42
Configuring LDAP client authentication, Configuring LDAP search attributes
a second bind is attempted, this time with the DN that is retrieved from the user's LDAP record and the password that was entered during the login process. If this bind fails, the user is denied access. The second bind is performed only when the Anonymously or Configured Credentials binding methods are used.

Configuring LDAP client authentication

To configure the LDAP client authentication, complete the following steps:

1. In the navigation pane, click Network protocols.
2. Scroll down to the Lightweight Directory Access Protocol (LDAP) Client area of the page and click Set DN and password only if Binding Method used is w/ Configured Credentials.
3. To use client-based authentication, in the Client DN field, type a client distinguished name. Type a password in the Password field or leave it blank.

Configuring LDAP search attributes

To configure the LDAP search attributes, complete the following steps:

1. In the navigation pane, click Network protocols.
2. Scroll down to the Lightweight Directory Access Protocol (LDAP) Client area and click Set attribute names for LDAP client search algorithm.
3. To configure the search attributes, use the following information.

UID Search Attribute
When the selected binding method is Anonymously or w/ Configured Credentials, the initial bind to the LDAP server is followed by a search request that retrieves specific information about the user, including the distinguished name, login permissions, and group membership. To retrieve this information, the search request must specify the attribute name that is used to represent user IDs on that server. Specifically, this name is used as a search filter against the login ID that is entered by the user. This attribute name is configured here. For example, on Active Directory servers, the attribute name that is used for user IDs is usually sAMAccountName. On Novell eDirectory and OpenLDAP servers, it is usually uid. If this field is left blank, a default of UID is used during user authentication.

Group Search Attribute
In an Active Directory or Novell eDirectory environment, this parameter specifies the attribute name that is used to identify the groups to which a user belongs. In Active Directory, this is usually memberOf, and with eDirectory, this is usually groupMembership. In an OpenLDAP server environment, users are usually assigned to groups whose objectClass equals PosixGroup. In that context, this parameter specifies the attribute name that is used to identify the members of a particular PosixGroup. This is usually memberUid. If this field is left blank, the attribute name in the filter defaults to memberOf.

Login Permission Attribute
When a user is authenticated through an LDAP server successfully, the login permissions for this user must be retrieved. To retrieve these permissions, the search filter that is sent to the server must specify the attribute name that is associated with login permissions. This field specifies this attribute name.

36 Integrated Management Module: User Guide
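The bind, search and second-bind sequence described above, modelled as an added example that is not code from the Lenovo manual or the IMM firmware. It assumes a constructed in-memory directory in place of a real LDAP server, a made-up client DN, and a hypothetical login-permission attribute named IMMRole; the RFC 4515 filter escaping of the login ID and the rejection of an empty user password (which LDAP would otherwise treat as an unauthenticated bind) are standard precautions added here, not settings the manual describes.

```python
import re

# Constructed stand-in for the LDAP server. DNs, passwords and the
# "IMMRole" login-permission attribute are assumptions for this example.
DIRECTORY = {
    "CN=IMM Client,OU=Service,DC=example,DC=com": {"userPassword": "client-pw"},
    "CN=Jane Doe,OU=Users,DC=example,DC=com": {
        "sAMAccountName": "jdoe", "userPassword": "correct horse",
        "memberOf": ["CN=IMM-Admins,OU=Groups,DC=example,DC=com"],
        "IMMRole": "Supervisor",
    },
}
CLIENT_DN = "CN=IMM Client,OU=Service,DC=example,DC=com"  # "configured credentials"
CLIENT_PW = "client-pw"

def escape_filter_value(value):
    """RFC 4515 escaping: the typed login ID is data, never filter syntax."""
    return re.sub(r"[\\*()\x00]", lambda m: "\\%02x" % ord(m.group()), value)

def simple_bind(dn, password):
    """Simple bind: succeeds only if the DN exists and the password matches."""
    entry = DIRECTORY.get(dn)
    return entry is not None and entry["userPassword"] == password

def search(ldap_filter):
    """Evaluate one equality filter '(attr=value)' over the directory."""
    m = re.fullmatch(r"\(([A-Za-z]+)=((?:[^()\\]|\\[0-9a-f]{2})*)\)", ldap_filter)
    if not m:
        raise ValueError("malformed filter")
    attr, raw = m.group(1), m.group(2)
    value = re.sub(r"\\([0-9a-f]{2})", lambda h: chr(int(h.group(1), 16)), raw)
    return [(dn, e) for dn, e in DIRECTORY.items() if e.get(attr) == value]

def authenticate(login_id, password, binding="configured",
                 uid_attr="sAMAccountName", group_attr="memberOf", perm_attr="IMMRole"):
    # Step 1: initial bind, anonymously or with the configured client DN/password.
    if binding == "configured" and not simple_bind(CLIENT_DN, CLIENT_PW):
        return None
    # Step 2: search for the user's record with the configured UID search attribute.
    hits = search(f"({uid_attr}={escape_filter_value(login_id)})")
    if len(hits) != 1:           # no record, or an ambiguous login ID: deny
        return None
    user_dn, entry = hits[0]
    # Step 3: second bind with the retrieved DN and the password typed at login.
    # An empty password would be an unauthenticated bind, so it never counts as success.
    if not password or not simple_bind(user_dn, password):
        return None
    return {"dn": user_dn, "groups": entry.get(group_attr, []),
            "permission": entry.get(perm_attr)}
```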