APPENDIX D: PROFILE FORMAT AND RULES FILE FORMAT: RULES AND EXAMPLES
264 M86 SECURITY USER GUIDE
LDAP Profile List Format and Rules
When setting up the “ldapwrkstnprofile.conf” file, “ldapuserprofile.conf” file, “ldapgroupprofile.conf” file, or “ldapcontainerprofile.conf” file, each entry must consist of the Distinguished Name (DN), with each part of the DN separated by commas (,). The DN should be followed by a semicolon (;), and then a rule number or rule criteria (port, category, and filter mode specifications). A redirect URL can be included if a specific URL should be used in place of the standard block page. If a redirect URL is not included, a blank space should be entered in its place in the profile string. Each segment of the profile string following the semicolon after the DN should be separated by commas (,). “0x1” should be placed at the end of a profile string that has no filter options enabled.
Workstation profile list format
Here are examples of workstation profile entries in an ldapwrkstnprofile.conf file:
CN=R3KWRK1, CN=Computers, DC=logo, DC=net; R 21 A, J R KDPORN GPORN M PASSED I,1, , 0x1
CN=WIN2000-79AHM, OU=Domain Controllers, DC=logo, DC=net; Rule0, , 0x1306
NOTE: The DN format must contain the workstation name and LDAP group "CN" ("common name") attribute type, and the domain and DNS suffix "DC" ("domain component") attribute type. The "OU" ("organizational unit") attribute type also can be included. Each attribute type should be followed by an equals sign (=), and separated by a comma (,).
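To make the entry format concrete, here is an added parser (example code written for this page, not part of the M86 product or guide) that splits a profile string into its DN, rule specification, redirect URL slot and trailing hex filter-options flag, and enforces the structural rules stated above. The decomposition of the rule criteria into the segments between the first comma and the redirect slot follows the two example entries and is an assumption, not a documented field list.

```python
"""Parse ldapwrkstnprofile.conf-style entries (added example, not guide code)."""
import re
from dataclasses import dataclass

ALLOWED_ATTRS = {"CN", "OU", "DC"}  # attribute types the NOTE permits

# Constructed sample input: the two entries shown in the guide's example.
EXAMPLE_ENTRIES = [
    "CN=R3KWRK1, CN=Computers, DC=logo, DC=net; "
    "R 21 A, J R KDPORN GPORN M PASSED I,1, , 0x1",
    "CN=WIN2000-79AHM, OU=Domain Controllers, DC=logo, DC=net; Rule0, , 0x1306",
]


@dataclass
class ProfileEntry:
    dn: list[tuple[str, str]]   # (attribute type, value) pairs, DN order
    rule: list[str]             # "Rule0" or the rule criteria segments
    redirect_url: str           # "" when the slot was left blank
    filter_options: int         # value of the trailing hex flag (0x1 = none)


def parse_dn(dn_text: str) -> list[tuple[str, str]]:
    """Split 'CN=a, OU=b, DC=c' into pairs and check the NOTE's rules."""
    parts = []
    for rdn in dn_text.split(","):
        attr, sep, value = rdn.strip().partition("=")
        if not sep or attr.upper() not in ALLOWED_ATTRS or not value.strip():
            raise ValueError(f"bad DN component: {rdn!r}")
        parts.append((attr.upper(), value.strip()))
    if parts[0][0] != "CN" or not any(a == "DC" for a, _ in parts):
        raise ValueError("DN needs a leading CN and at least one DC")
    return parts


def parse_entry(line: str) -> ProfileEntry:
    """Split an entry at ';' and then at ',' into rule, redirect URL and flag."""
    dn_text, sep, rest = line.partition(";")
    if not sep:
        raise ValueError("entry lacks the ';' after the DN")
    segs = [s.strip() for s in rest.split(",")]
    if len(segs) < 3:
        raise ValueError("need a rule, a redirect URL slot and a filter flag")
    flag = segs[-1]
    if not re.fullmatch(r"0x[0-9A-Fa-f]+", flag):
        raise ValueError(f"filter options must be a hex value, got {flag!r}")
    # Assumption: everything between the DN and the redirect slot is the rule.
    return ProfileEntry(dn=parse_dn(dn_text), rule=segs[:-2],
                        redirect_url=segs[-2], filter_options=int(flag, 16))
```

Running `[parse_entry(e) for e in EXAMPLE_ENTRIES]` yields the second entry as rule `["Rule0"]`, an empty redirect URL and filter options `0x1306`; a malformed DN attribute or a non-hex trailing flag raises `ValueError`.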
When translated, the two example profile strings above mean:
• profile for a workstation named “R3KWRK1”, LDAP group “Computers”, domain “logo”, DNS suffix “.net”: Block port 21 and Filter all other ports, Block Child