Dell Powerconnect W-ClearPass Virtual Appliances W-ClearPass Guest 6.0 Deploym - Page 249

Manage LDAP Operator Authentication Servers Dell Networking W-ClearPass Guest supports a flexible authentication mechanism that can be readily adapted to any LDAP server's method of authenticating users by name. There are built-in defaults for Microsoft Active Directory servers, POSIX-compliant directory servers, and RADIUS servers. When an operator attempts to log in, each LDAP server that is enabled for authentication is checked, in order of priority from lowest to highest. Once a server is found that can authenticate the operator's identity (typically with a username and password), the LDAP server is queried for the attributes associated with the user account. These LDAP attributes are then translated to operator attributes using the rules defined in the LDAP translation rules. In particular, an operator profile will be assigned to the authenticated user with this process, which controls what that user is permitted to do. Creating an LDAP Server To create an LDAP server, go to Administration > Operator Logins > Servers, then click the Create new LDAP server link in the upper-right corner. The Server Configuration form opens. To specify a basic LDAP server connection (hostname and optional port number), use a Server URL of the form ldap://hostname/ or ldap://hostname:port/. See "Advanced LDAP URL Syntax" on page 251 for more details about the types of LDAP URL you may specify. In the top area of the form, select the Enabled option (below the Name field) if you want this server to authenticate operator logins. This form allows you to specify the type of LDAP server your system will use. Click the Server Type drop-down list and select one of the following options: Dell Networking W-ClearPass Guest 6.0 | Deployment Guide Manage LDAP Operator Authentication Servers | 249