Lantronix EMG 8500 EMG User Guide - Page 306
Bind with Login, User Login Attribute
View all Lantronix EMG 8500 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 306 highlights
14: User Authentication 2. Enter the following: Enable LDAP Displays selected if you enabled this method on the first User Authentication page. If you want to set up this authentication method but not enable it immediately, clear the checkbox. Server #1 (or Server #2) The IPv4 or IPv6 address or host name of the primary and secondary LDAP servers. The secondary LDAP server will be used for authentication in the event that the primary LDAP server cannot be reached. Port Number of the TCP port on the LDAP server to which the EMG talks. The default is 389. Base The name of the LDAP search base (e.g., dc=company, dc=com). May have up to 80 characters. Bind Name The name for a non-anonymous bind to an LDAP server. This item has the same format as LDAP Base. One example is cn=administrator,cn=Users,dc=domain,dc=com Bind Password / Retype Password Password for a non-anonymous bind. This entry is optional. Acceptable characters are a-z, A-Z, and 0-9. The maximum length is 127 characters. Bind with Login Select to bind with the login and password that a user is authenticating with. This requires that the Bind Name contain the $login token, which will be replaced with the current login. For example, if the Bind Name is uid=$login,ou=People,dc=lantronix,dc=com, and user roberts logs into the EMG, LDAP will bind with uid=roberts,ou=People,dc=lantronix,dc=com and the password entered by roberts. User Login Attribute The attribute used by the LDAP server for user logins. If nothing is specified for the user filter, the EMG unit will use "uid". For AD LDAP servers, the attribute for user logins is typically "sAMAccountName". Group Filter Objectclass The objectclass used by the LDAP server for groups. If nothing is specified for the group filter, the EMG will use "posixGroup". For AD LDAP servers, the objectclass for groups is typically "Group". Group Member Attribute The attribute used by the LDAP server for group membership. This attribute may be use to search for a name (ie, "msmith") or a Distinguished Name (ie, "uid=msmith,ou=People,dc=lantronix,dc=com"). Select either Name or DN as appropriate for the LDAP server. If nothing is specified for the group membership attribute, the EMG unit will use "memberUID" for name and "uniqueMember" for DN. For AD LDAP servers, the Group Membership Value is typically DN, with the Group Membership Attribute of "member". Group Member Value The attribute used by the LDAP server for group membership. This attribute may be use to search for a name (ie, "msmith") or a Distinguished Name (ie, "uid=msmith,ou=People,dc=lantronix,dc=com"). Select either Name or DN as appropriate for the LDAP server. If nothing is specified for the group membership attribute, the EMG will use "memberUID" for name and "uniqueMember" for DN. For AD LDAP servers, the Group Membership Value is typically DN, with the Group Membership Attribute of "member". Use LDAP Schema Select the check box to obtain remote user attributes (group/permissions and port access) from an Active Directory server's scheme via the user attribute 'Secure LantronixPerms' (see details below). Disabled by default. Active Directory Support Select to enable. Active Directory is a directory service from Microsoft that is a part of Windows 2000 and later versions of Windows. It is LDAP- and Kerberoscompliant. Disabled by default. EMG™ Edge Management Gateway User Guide 306