D-Link DFL-260E User Manual for DFL-260E - Page 390
Setting Up LDAP Authentication, LDAP Issues, Microsoft Active Directory as the LDAP Server
8.2.4. External LDAP Servers
Chapter 8. User Authentication

Setting Up LDAP Authentication

There are two steps for setting up user authentication with LDAP servers:

• Define one or more user authentication LDAP server objects in NetDefendOS.

• Specify one or a list of these LDAP server objects in a user authentication rule.

One or more LDAP servers can be associated as a list within a user authentication rule. The ordering of the list determines the order in which server access is attempted.

The first server in the list has the highest precedence and will be used first. If authentication fails or the server is unreachable, then the second in the list is used, and so on.

LDAP Issues

Unfortunately, setting up LDAP authentication may not be as simple as, for example, RADIUS setup. Careful consideration of the parameters used in defining the LDAP server to NetDefendOS is required. There are a number of issues that can cause problems:

• LDAP servers differ in their implementation. NetDefendOS provides a flexible way of configuring an LDAP server and some configuration options may have to be changed depending on the LDAP server software.

• Authentication of PPTP or L2TP clients may require some administrative changes to the LDAP server and this is discussed later.

Microsoft Active Directory as the LDAP Server

A Microsoft Active Directory can be configured in NetDefendOS as an LDAP server. One option in the NetDefendOS LDAP server setup needs special consideration with Active Directory: the Name Attribute. This should be set to SAMAccountName.

Defining an LDAP Server

One or more named LDAP server objects can be defined in NetDefendOS. These objects tell NetDefendOS which LDAP servers are available and how to access them.

Defining an LDAP server to NetDefendOS is sometimes not straightforward because some LDAP server software may not follow the LDAP specifications exactly. It is also possible that an LDAP administrator has modified the server LDAP schema so that an LDAP attribute has been renamed.

LDAP Attributes

To fully understand LDAP setup, it is important to note that some setup values are attributes. These are:

• The Name attribute.

• The Membership attribute.

• The Password attribute.

An LDAP attribute is a tuple (a pair of data values) consisting of an attribute name (in this manual we will call this the attribute ID to avoid confusion) and an attribute value. An example might be a
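
The list ordering described under Setting Up LDAP Authentication means a credential rejected by the first server is still tried against the next one, so every listed server is an authority for the rule. The sketch below is an added example, not D-Link code: it models that fallthrough with constructed server objects, names and passwords (all hypothetical) and lists the credentials that succeed only through a later server.

```python
from dataclasses import dataclass, field
from enum import Enum

class Outcome(Enum):
    ACCEPT = "accept"
    REJECT = "reject"
    UNREACHABLE = "unreachable"

@dataclass
class LdapServer:
    """Constructed stand-in for an LDAP server object; not a NetDefendOS type."""
    name: str
    reachable: bool = True
    users: dict = field(default_factory=dict)  # Name attribute value -> password

    def check(self, user, password):
        if not self.reachable:
            return Outcome.UNREACHABLE
        if user in self.users and self.users[user] == password:
            return Outcome.ACCEPT
        return Outcome.REJECT

def authenticate(servers, user, password):
    """Try servers in list order; move on after a reject or an unreachable server."""
    trace = []
    for server in servers:
        outcome = server.check(user, password)
        trace.append((server.name, outcome))
        if outcome is Outcome.ACCEPT:
            return server.name, trace
    return None, trace

def accepted_only_by_fallback(servers, credentials):
    """Audit helper: credentials the first server did not accept but a later one did."""
    findings = []
    for user, password in credentials:
        accepted_by, _ = authenticate(servers, user, password)
        if accepted_by is not None and accepted_by != servers[0].name:
            findings.append((user, accepted_by))
    return findings

# Constructed sample data: the secondary still holds a stale password and an extra account.
PRIMARY = LdapServer("ldap-primary", users={"alice": "new-pass"})
SECONDARY = LdapServer("ldap-secondary", users={"alice": "old-pass", "bob": "bob-pass"})
SERVERS = [PRIMARY, SECONDARY]
CREDS = [("alice", "new-pass"), ("alice", "old-pass"), ("bob", "bob-pass"), ("carol", "x")]

if __name__ == "__main__":
    for user, server in accepted_only_by_fallback(SERVERS, CREDS):
        print(f"{user}: accepted only by {server}")
```

Any entry this audit reports is an account or password that the first server would have refused, which is why stale or extra accounts on lower-priority servers need the same hygiene as the primary.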