User authentication
LDAP
IX20 User Guide
519
cn: John Smith
sn: Smith
uid: john
ou: admin serial
LDAP server failover and fallback to local configuration
In addition to the primary LDAP server, you can also configure your IX20 device to use backup LDAP
servers. Backup LDAP servers are used for authentication requests when the primary LDAP server is
unavailable.
Falling back to local authentication
With user authentication methods, you can configure your IX20 device to use multiple types of
authentication. For example, you can configure both LDAP authentication and local authentication, so
that local authentication can be used as a fallback mechanism if the primary and backup LDAP servers
are unavailable. Additionally, users who are configured locally but are not configured on the LDAP
server are still able to log into the device. Authentication methods are attempted in the order they are
listed until the first successful authentication result is returned; therefore if you want to ensure that
users are authenticated first through the LDAP server, and only authenticated locally if the LDAP
server is unavailable or if the user is not defined on the LDAP server, then you should list the LDAP
authentication method prior to the Local users authentication method.
See
for more information about authentication methods.
If the LDAP servers are unavailable and the IX20 device falls back to local authentication, only users
defined locally on the device are able to log in. LDAP users cannot log in until the LDAP servers are
brought back online.
Configure your IX20 device to use an LDAP server
This section describes how to configure a IX20 device to use an LDAP server for authentication and
authorization.
Required configuration items
n
Define the LDAP server IP address or domain name.
n
Add LDAP as an authentication method for your IX20 device.
Additional configuration items
n
Whether other user authentication methods should be used in addition to the LDAP server, or if
the LDAP server should be considered the authoritative login method.
n
The LDAP server port. It is configured to 389 by default.
n
Whether to use Transport Layer Security (TLS) when communicating with the LDAP server.
n
The distinguished name (DN) and password used to communicate with the server.
n
The distinguished name used to search to user base.
n
The group attribute.
n
The number of seconds to wait to receive a message from the server.
n
Add additional LDAP servers in case the first LDAP server is unavailable.
WebUI