The Membership Attribute defines which groups a user is a member of. This is similar to the
way a user belongs to either the admin or audit database group in NetDefendOS. This is another
tuple defined by the server's database schema and the default ID is MemberOf.
In Microsoft Active Directory, the groups a user belongs to can be found by looking at a user's
details under the MemberOf tab.
• Use Domain Name
Some servers require the domain name in combination with a username for performing
successful authentication. The domain name is the host name of the LDAP server, for example
myldapserver. The choices for this parameter are:
i. Do Not Use - This will not modify the username in any way. For example, testuser.
ii. Username Prefix - When authenticating, this will put <domain name>\ in front of the
username. For example, myldapserver/testuser.
iii. Username Postfix - When authenticating, this will add @<domain name> after the
username. For example, testuser@myldapserver.
If the choice is other than Do Not Use, the Domain Name parameter option described below
should be specified.
Different LDAP servers could handle the domain name differently so the server's requirements
should be checked. Most versions of Windows Active Directory require the Postfix option to be
used.
• Routing Table
The NetDefendOS routing table where route lookup will be done to resolve the server's IP
address into a route. The default is the main routing table.
Database Settings
The Database Settings are as follows:
• Base Object
Defines where in the LDAP server tree the search for user accounts shall begin.
The users defined on an LDAP server database are organized into a tree structure. The Base
Object specifies where in this tree the relevant users are located. Specifying the Base Object has
the effect of speeding up the search of the LDAP tree since only users under the Base Object
will be examined.
Important: The Base Object must be specified correctly
If the Base Object is specified incorrectly then this can mean that a user will not be
found and authenticated if they are not in the part of the tree below the Base
Object. The recommended option is therefore to initially specify the Base Object as
the root of the tree.
The Base Object is specified as a comma-separated domainComponent (DC) set. If the full
domain name is myldapserver.local.eu.com and this is the Base Object then this is specified as:
DC=myldapserver,DC=local,DC=eu,DC=com
The username search will now begin at the root of the myldapserver tree.
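As an added illustration (not part of the NetDefendOS manual), the Python sketch below derives the Base Object from a domain name and reports which user entries lie outside a given Base Object, which is the failure the Important note above describes. The OU names and user entries are constructed, and comparing RDNs case-insensitively is an assumption.

```python
# Added example, not NetDefendOS code. All DNs below are constructed samples.

def base_object_from_domain(domain):
    """myldapserver.local.eu.com -> DC=myldapserver,DC=local,DC=eu,DC=com"""
    labels = [label for label in domain.strip(".").split(".") if label]
    if not labels:
        raise ValueError("empty domain name")
    return ",".join("DC=" + label for label in labels)

def split_dn(dn):
    """Split a DN into (attribute, value) pairs, honoring backslash-escaped commas."""
    rdns, cur, esc = [], [], False
    for ch in dn:
        if ch == "," and not esc:
            rdns.append("".join(cur))
            cur = []
            continue
        cur.append(ch)
        esc = (ch == "\\") and not esc
    rdns.append("".join(cur))
    pairs = []
    for rdn in rdns:
        attr, sep, value = rdn.partition("=")
        if not sep or not attr.strip():
            raise ValueError(f"malformed RDN: {rdn!r}")
        # Assumption: attribute names and values compare case-insensitively.
        pairs.append((attr.strip().lower(), value.strip().lower()))
    return pairs

def under_base(user_dn, base_object):
    """True if user_dn lies in the subtree rooted at base_object."""
    user, base = split_dn(user_dn), split_dn(base_object)
    return len(user) >= len(base) and user[len(user) - len(base):] == base

def unreachable_users(user_dns, base_object):
    """Entries that a search starting at base_object would never examine."""
    return [dn for dn in user_dns if not under_base(dn, base_object)]

ROOT = base_object_from_domain("myldapserver.local.eu.com")
NARROW = "OU=Staff," + ROOT  # hypothetical narrower Base Object
USERS = [  # constructed sample entries
    "CN=testuser,OU=Staff," + ROOT,
    "CN=Smith\\, John,OU=Staff," + ROOT,
    "CN=contractor1,OU=External," + ROOT,
]

if __name__ == "__main__":
    print(ROOT)
    print(unreachable_users(USERS, NARROW))
```

With the root as Base Object every sample user is in scope; with the narrower OU=Staff base, the user under OU=External is never examined and so cannot authenticate.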
8.2.4. External LDAP Servers
Chapter 8. User Authentication
398