Setting the user search base Distinguished Name (DN)
The Set LDAP UserBaseDN command is used to set the base (DN) for the login username search. This
is where the search will start, and will include all subtrees. Maximum size is 100 characters.
To set the user search base DN:
At the Sentry: prompt, type
set ldap userbasedn
and press
Enter
.
At the following prompt, type the
search base DN and press E
nter.
Example
The following sets the DN user search base for MSAD to ‘cn=Users,dc=servertech,dc=com’:
Sentry: set ldap userbasedn<Enter>
Enter User Search Base DN (Max characters 100):
cn=Users,dc=servertech,dc=com<Enter>
Setting the user search filter
The Set LDAP UserFilter command is used to set the search filter for the username entered at the login
prompt.
The search filter must be entered within parenthesis and adhere to the following format:
(
searchfilter
=%s)
where ‘searchfilter’ is the name of the attribute in the user class which has a value that represents the
user’s login name. In this string, the ‘%s’ will be replaced by the entered username. Maximum string
length is 100 characters.
To set the user search filter:
At the Sentry: prompt, type
set ldap userfilter
and press
Enter
.
At the following prompt, type the
User Search Filter and press
Enter
.
Example
The following sets the user search filter for MSAD to ‘samaccountname’:
Sentry: set ldap userfilter<Enter>
Enter User Search Filter (Max characters 100):
(samaccountname=%s)<Enter>
Setting the authentication order
The Set Authorder command sets the authentication order for remote authentication sessions. The
Sentry supports two methods for authentication order - Remote -> Local and Remote Only.
The Remote -> Local method first attempts authentication with the Active Directory server and if
unsuccessful with the local user database on the Sentry device.
The Remote Only method attempts authentication only with the Active Directory server and if
unsuccessful, access is denied.
NOTE: With the Remote Only method, if authentication fails due to a communication failure with the Active Directory
server automatic authentication fallback will occur to authenticate with the local user data base on the Sentry device.
To set the authentication order:
At the Sentry: prompt, type
set authorder
, followed by
remotelocal
or
remoteonly
and press
Enter
.
NOTE: Server Technology recommends NOT setting the authentication order to Remote Only until the LDAP has been
fully configured and tested.
Sentry PT22
Advanced Operations
•
57
Installation and Operations Manual
Summary of Contents for Sentry PT22
Page 44: ......