•
Administrator Account
The LDAP server will require that the user establishing a connection to do a search has
administrator privileges. The Administration Account specifies the administrator username. This
username may be requested by the server in a special format in the same way as described
previously with Use Domain Name.
•
Password/Confirm Password
The password for the administrator account which was specified above.
•
Domain Name
The Domain Name is used when formatting usernames. This is the first part of the full domain
name. In our examples above, the Domain Name is myldapserver. The full domain name is a dot
separated set of labels, for example, myldapserver.local.eu.com.
This option is only available if the Server Type is NOT set to Other.
This option can be left empty but is required if the LDAP server requires the domain name when
performing a bind request.
Optional Settings
There is one optional setting:
•
Password Attribute
The password attribute specifies the ID of the tuple on the LDAP server that contains the user's
password. The default ID is userPassword.
This option should be left empty unless the LDAP server is being used to authenticate users
connecting via PPP with CHAP, MS-CHAPv1 or MS-CHAPv2.
When it is used, it determines the ID of the data field in the LDAP server database which
contains the user password in plain text. The LDAP server administrator must make sure that
this field actually does contain the password. This is explained in greater detail later.
Bind Request Authentication
LDAP server authentication is automatically configured to work using LDAP Bind Request
Authentication. This means that authentication succeeds if successful connection is made to the
LDAP server. Individual clients are not distinguished from one another.
LDAP server referrals should not occur with bind request authentication but if they do, the server
sending the referral will be regarded as not having responded.
LDAP Server Responses
When an LDAP server is queried by NetDefendOS with a user authentication request, the following
are the possible outcomes:
•
The server replies with a positive response and the user is authenticated.
Clients using PPP with CHAP, MS-CHAPv1 or MS-CHAPv2 is a special case and
authentication is actually done by NetDefendOS, as discussed later.
•
The server replies with a negative response and the user is not authenticated.
8.2.4. External LDAP Servers
Chapter 8. User Authentication
399
Содержание NetDefend DFL-1660
Страница 28: ...1 3 NetDefendOS State Engine Packet Flow Chapter 1 NetDefendOS Overview 28 ...
Страница 88: ...2 6 3 Restore to Factory Defaults Chapter 2 Management and Maintenance 88 ...
Страница 166: ...3 10 DNS Chapter 3 Fundamentals 166 ...
Страница 254: ...4 7 5 Advanced Settings for Transparent Mode Chapter 4 Routing 254 ...
Страница 268: ...5 4 IP Pools Chapter 5 DHCP Services 268 ...
Страница 368: ...6 7 Blacklisting Hosts and Networks Chapter 6 Security Mechanisms 368 ...
Страница 390: ...7 4 7 SAT and FwdFast Rules Chapter 7 Address Translation 390 ...
Страница 414: ...8 3 Customizing Authentication HTML Pages Chapter 8 User Authentication 414 ...
Страница 490: ...9 8 6 Specific Symptoms Chapter 9 VPN 490 ...
Страница 528: ...10 4 6 Setting Up SLB_SAT Rules Chapter 10 Traffic Management 528 ...
Страница 544: ...11 7 HA Advanced Settings Chapter 11 High Availability 544 ...
Страница 551: ...12 3 5 Limitations Chapter 12 ZoneDefense 551 ...
Страница 574: ...Default 512 13 9 Miscellaneous Settings Chapter 13 Advanced Settings 574 ...
Страница 575: ...13 9 Miscellaneous Settings Chapter 13 Advanced Settings 575 ...