LDAP server authentication is automatically configured to work using LDAP Bind Request
Authentication. This means that authentication succeeds if successful connection is made to the
LDAP server. Individual clients are not distinguished from one another.
LDAP server referrals should not occur with bind request authentication but if they do, the server
sending the referral will be regarded as not having responded.
B. Activating LDAP Server User Authentication
When one or multiple LDAP server objects are defined, the next step is to have a user authentication
rule which refers to them.
One or more of the server objects can be associated as a list with a user authentication rule. The
ordering of the list determines the order in which server access is attempted. The first server in the
list has the highest precedence and will be used before those lower down.
Server Responses
When an LDAP server is queried by NetDefendOS with a user authentication request, the following
are the possible outcomes:
1.
The server replies with a positive response and the user is authenticated.
2.
The server replies with a negative response and the user is not authenticated.
3.
The server does not respond within the Timeout period specified for the server. If only one
server is specified then authentication will be considered to have failed. If there are alternate
servers defined for the user authentication rule then these are queried next.
Real-time Monitoring Statistics
The following statistics are available for real-time monitoring of LDAP server access for user
authentication:
•
Number of authentications per second.
•
Total number of authentication requests.
•
Total number of successful authentication requests.
•
Total number of failed authentication requests.
•
Total number of invalid usernames.
•
Total number of invalid password.
LDAP Authentication CLI Commands
The CLI objects that correspond to LDAP servers used for authentication are called LDAPDatabase
objects (LDAP servers used for certificate lookup are known as LDAPServer objects in the CLI).
A specific LDAP server that is defined in NetDefendOS for authentication can be shown with the
command:
gw-world:/> show LDAPDatabase <object_name>
The entire contents of the database can be displayed with the command:
8.2.4. External LDAP Servers
Chapter 8. User Authentication
307
Содержание 800 - DFL 800 - Security Appliance
Страница 24: ...1 3 NetDefendOS State Engine Packet Flow Chapter 1 NetDefendOS Overview 24 ...
Страница 69: ...2 6 4 Restore to Factory Defaults Chapter 2 Management and Maintenance 69 ...
Страница 121: ...3 9 DNS Chapter 3 Fundamentals 121 ...
Страница 166: ...interfaces without an overriding IGMP Setting Default 1 000 4 6 4 Advanced IGMP Settings Chapter 4 Routing 166 ...
Страница 181: ...4 7 5 Advanced Settings for Transparent Mode Chapter 4 Routing 181 ...
Страница 192: ...5 5 IP Pools Chapter 5 DHCP Services 192 ...
Страница 282: ...6 7 Blacklisting Hosts and Networks Chapter 6 Security Mechanisms 282 ...
Страница 300: ...mechanism 7 3 7 SAT and FwdFast Rules Chapter 7 Address Translation 300 ...
Страница 301: ...7 3 7 SAT and FwdFast Rules Chapter 7 Address Translation 301 ...
Страница 303: ... Changed on a regular basis such as every three months 8 1 Overview Chapter 8 User Authentication 303 ...
Страница 318: ...8 3 Customizing HTML Pages Chapter 8 User Authentication 318 ...
Страница 322: ...ALG 9 1 5 The TLS Alternative for VPN Chapter 9 VPN 322 ...
Страница 377: ...Management Interface Failure with VPN Chapter 9 VPN 377 ...
Страница 408: ...10 4 6 SLB_SAT Rules Chapter 10 Traffic Management 408 ...
Страница 419: ...11 5 HA Advanced Settings Chapter 11 High Availability 419 ...
Страница 426: ...12 3 5 Limitations Chapter 12 ZoneDefense 426 ...
Страница 449: ...13 9 Miscellaneous Settings Chapter 13 Advanced Settings 449 ...