Netgear SSL312 SSL312 User Manual - Page 41

LDAP Authentication, Sample LDAP Attributes - active directory kerberos

Get Netgear SSL312 - ProSafe SSL VPN Concentrator 25 PDF manuals and user guides
UPC - 606449046441
View all Netgear SSL312 manuals
Add to My Manuals
Save this manual to your list of manuals

Page 41 highlights

NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual 6. From the Portal Layout Name pull-down menu, select the name of the layout. The default layout is SSL-VPN. You can define additional layouts in the Portal Layouts page. 7. Check the Require CIFS bookmark to home directory check box to automatically allow access to users of this domain and add the home directory path in the field provided. 8. Click Apply to update the configuration. Once the domain has been added, the domain displays in the table in the Domains screen. LDAP Authentication LDAP (Lightweight Directory Access Protocol) is a standard for querying and updating a directory. Since LDAP supports a multilevel hierarchy (for example, groups or organizational units), the SSL VPN Concentrator can query this information and provide specific group policies or bookmarks based on LDAP attributes. By configuring LDAP attributes, the SSL VPN Concentrator administrator can leverage the groups that have already been configured in an LDAP or Active Directory database, rather than manually recreating the same groups in the SSL VPN Concentrator. Once an LDAP authentication domain is created, a default LDAP group will be created with the same name as the LDAP domain name. Although you can add additional groups to or delete groups from this domain, you cannot delete the default LDAP group. For an LDAP group, you can define LDAP attributes. For example, you can specify that users in an LDAP group must be members of a certain group or organizational unit defined on the LDAP server. Or you can specify a unique LDAP distinguished name. Note: The Microsoft Active Directory database uses an LDAP organization schema. The Active Directory database can be queried using Kerberos authentication (the standard authentication type), NTLM authentication (labeled "NT Domain" authentication in the SSL VPN Concentrator), or using LDAP database queries. As a result, an LDAP domain configured in the SSL VPN Concentrator can authenticate to an Active Directory server. To add an LDAP authentication domain, see "Configuring for LDAP Authentication" on page 3-9. Sample LDAP Attributes You can enter up to 4 LDAP attributes per group. The following are some example LDAP attributes of Active Directory LDAP users: Authenticating Users 3-7 v2.1, November 2008

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual
Authenticating Users
3-7
v2.1, November 2008
6.
From the Portal Layout Name pull-down menu, select the name of the layout. The default
layout is SSL-VPN. You can define additional layouts in the Portal Layouts page.
7.
Check the Require CIFS bookmark to home directory check box to automatically allow access
to users of this domain and add the home directory path in the field provided.
8.
Click Apply to update the configuration. Once the domain has been added, the domain
displays in the table in the Domains screen.
LDAP Authentication
LDAP (Lightweight Directory Access Protocol) is a standard for querying and updating a
directory. Since LDAP supports a multilevel hierarchy (for example, groups or organizational
units), the SSL VPN Concentrator can query this information and provide specific group policies
or bookmarks based on LDAP attributes. By configuring LDAP attributes, the SSL VPN
Concentrator administrator can leverage the groups that have already been configured in an LDAP
or Active Directory database, rather than manually recreating the same groups in the SSL VPN
Concentrator.
Once an LDAP authentication domain is created, a default LDAP group will be created with the
same name as the LDAP domain name. Although you can add additional groups to or delete
groups from this domain, you cannot delete the default LDAP group.
For an LDAP group, you can define LDAP attributes. For example, you can specify that users in
an LDAP group must be members of a certain group or organizational unit defined on the LDAP
server. Or you can specify a unique LDAP distinguished name.
To add an LDAP authentication domain, see
“Configuring for LDAP Authentication” on page 3-9
.
Sample LDAP Attributes
You can enter up to 4 LDAP attributes per group. The following are some example LDAP
attributes of Active Directory LDAP users:
Note:
The Microsoft Active Directory database uses an LDAP organization schema. The
Active Directory database can be queried using Kerberos authentication (the
standard authentication type), NTLM authentication (labeled “NT Domain”
authentication in the SSL VPN Concentrator), or using LDAP database queries. As
a result, an LDAP domain configured in the SSL VPN Concentrator can
authenticate to an Active Directory server.