D-Link DFL-2560 Product Manual - Page 360
LDAP Issues, Microsoft Active Directory as the LDAP Server, Defining an LDAP Server, LDAP Attributes
UPC - 790069335433
8.2.4. External LDAP Servers
Chapter 8. User Authentication

One or more LDAP servers can be associated as a list within a user authentication rule. The ordering of the list determines the order in which server access is attempted. The first server in the list has the highest precedence and will be used first. If authentication fails or the server is unreachable then the second in the list is used and so on.

LDAP Issues

Unfortunately, setting up LDAP authentication may not be as simple as, for example, RADIUS setup. Careful consideration of the parameters used in defining the LDAP server to NetDefendOS is required. There are a number of issues that can cause problems:

• LDAP servers differ in their implementation. NetDefendOS provides a flexible way of configuring an LDAP server and some configuration options may have to be changed depending on the LDAP server software.

• Authentication of PPTP or L2TP clients may require some administrative changes to the LDAP server and this is discussed later.

Microsoft Active Directory as the LDAP Server

A Microsoft Active Directory can be configured in NetDefendOS as an LDAP server. One option in the NetDefendOS LDAP server setup needs special consideration with Active Directory: the Name Attribute. This should be set to SAMAccountName.

Defining an LDAP Server

One or more named LDAP server objects can be defined in NetDefendOS. These objects tell NetDefendOS which LDAP servers are available and how to access them.

Defining an LDAP server to NetDefendOS is sometimes not straightforward because some LDAP server software may not follow the LDAP specifications exactly. It is also possible that an LDAP administrator has modified the server LDAP schema so that an LDAP attribute has been renamed.

LDAP Attributes

To fully understand LDAP setup, it is important to note that some setup values are attributes. These are:

• The Name attribute.

• The Membership attribute.

• The Password attribute.
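The server-list ordering and the Name attribute setting described above can be modelled offline. The following Python sketch is an added example, not NetDefendOS code or D-Link's implementation. The server names, the directory entries, the `uid` and `userPassword` attribute IDs and the plaintext password comparison are all constructed assumptions.

```python
import hmac

# Constructed sample data: two directory servers, in the order they appear in
# the authentication rule's server list. Each entry is a set of LDAP attribute
# tuples (attribute ID -> value). Passwords are plaintext only to keep the
# model short.
SERVERS = [
    {"name": "ad-primary", "reachable": False, "name_attr": "sAMAccountName",
     "entries": [{"sAMAccountName": "smith", "userPassword": "s3cret"}]},
    {"name": "openldap-backup", "reachable": True, "name_attr": "uid",
     "entries": [{"uid": "smith", "userPassword": "s3cret"},
                 {"uid": "jones", "userPassword": "hunter2"}]},
]

def find_entry(server, username):
    """Match the login name against the configured Name attribute ID only."""
    attr_id = server["name_attr"].lower()
    for entry in server["entries"]:
        # LDAP attribute IDs are case-insensitive; compare them lowercased.
        values = {k.lower(): v for k, v in entry.items()}
        if values.get(attr_id, "").lower() == username.lower():
            return values
    return None

def authenticate(servers, username, password):
    """Try servers in list order; return (server name or None, attempt log)."""
    log = []
    for server in servers:
        if not server["reachable"]:
            log.append((server["name"], "unreachable"))
            continue
        entry = find_entry(server, username)
        if entry is None:
            log.append((server["name"], "no entry for name attribute"))
            continue
        stored = entry.get("userpassword", "")
        if hmac.compare_digest(stored.encode(), password.encode()):
            log.append((server["name"], "accepted"))
            return server["name"], log
        log.append((server["name"], "bad password"))
    return None, log
```

Because a failed authentication also falls through to the next server, every server in the list is a place where a credential can be accepted, so each one should enforce the same password and lockout policy. The attempt log makes a wrong Name attribute ID visible as a lookup miss rather than a password failure.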

An LDAP attribute is a tuple (a pair of data values) consisting of an attribute name (in this manual we will call this the attribute ID to avoid confusion) and an attribute value. An example might be a tuple for a username attribute that has an ID of username and a value of Smith.

These attributes can be used in different ways and their meaning to the LDAP server is usually defined by the server's database schema. The database schema can usually be changed by the server administrator to alter the attributes.

General Settings