Troubleshooting Guide for SSL312 LDAP configuration
This guide will provide some tips on what you should check for before configuring the SSL312 to
authenticate through the LDAP Server.
NOTE: SSL312 does not currently support search for users within subtrees of a configured BaseDN
Quick LDAP background:
LDAP = Lightweight Directory Access Protocol
Controls in a very fine-grained manner -- “who can do what to the data”
Extension of Active Directory which queries for additional information such as groups, organizations,
DN = Distinguished Name
• Think of the DN as a full filename, i.e.: dn: cn=John,dc=example,dc=com
CN = Common Name
• Username, group name or container that stores all the user/group names – i.e.: Marketing, Users, etc…
DC = Domain Component
• Domain name – i.e.: NETGEAR.COM or NETGEAR.LOCAL
OU = Organization Unit
• Organization unit – i.e.: OU=marketing
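The NOTE above has a practical consequence: a user whose DN has extra components between its own CN and the configured BaseDN sits in a subtree and will not be found. The following is an added example, not part of the original guide, that splits DNs into their components and sorts a list of user DNs by where they sit relative to a BaseDN. The sample DNs are constructed, the function names are hypothetical, and reading the NOTE as "only direct children of the BaseDN are found" is an assumption.

```python
import re

def split_dn(dn):
    """Split a DN into lower-cased (attribute, value) pairs.
    Honours a backslash-escaped comma inside a value; other escapes are not handled."""
    parts = re.split(r'(?<!\\),', dn.strip().strip('"'))
    rdns = []
    for part in parts:
        attr, _, value = part.strip().partition('=')
        if not attr or not value:
            raise ValueError(f"malformed component {part!r} in {dn!r}")
        rdns.append((attr.strip().lower(), value.strip().lower()))
    return rdns

def depth_below_base(user_dn, base_dn):
    """Number of containers between the user entry and base_dn.
    0 = direct child of base_dn, None = not under base_dn at all."""
    user, base = split_dn(user_dn), split_dn(base_dn)
    if len(user) <= len(base) or user[-len(base):] != base:
        return None
    return len(user) - len(base) - 1

def classify(user_dns, base_dn):
    """Group DNs into direct children, subtree entries and entries outside base_dn."""
    result = {"direct": [], "subtree": [], "outside": []}
    for dn in user_dns:
        depth = depth_below_base(dn, base_dn)
        key = "outside" if depth is None else "direct" if depth == 0 else "subtree"
        result[key].append(dn)
    return result

# BaseDN built from the guide's example domain and OU; user DNs below are constructed.
BASE_DN = "ou=marketing,dc=netgear,dc=local"
SAMPLE_DNS = [
    '"CN=John,OU=Marketing,DC=netgear,DC=local"',
    '"CN=Jane Doe,OU=Events,OU=Marketing,DC=netgear,DC=local"',
    r'"CN=Smith\, Bob,OU=Marketing,DC=netgear,DC=local"',
    '"CN=Administrator,CN=Users,DC=netgear,DC=local"',
]

if __name__ == "__main__":
    groups = classify(SAMPLE_DNS, BASE_DN)
    for dn in groups["direct"]:
        print("OK (directly under BaseDN):", dn)
    for dn in groups["subtree"]:
        print("NOT FOUND by a non-subtree search:", dn)
    for dn in groups["outside"]:
        print("Outside BaseDN:", dn)
```

Users reported in the subtree group need either to be moved directly under the BaseDN or to be covered by a BaseDN that points at their own container.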
Before you begin setting up the SSL312 for LDAP configuration, you should check to verify that
your LDAP server and its users are working properly. Below are some of the built-in commands
on Windows 2003 Server that you can use to verify the status of your LDAP server.
In the examples below, we have configured an LDAP server with the following settings:
• Windows 2003 Server
• Domain = NETGEAR.LOCAL
• Organization Unit = Marketing
1) List ALL the users under the “Users” group or container under the domain “Netgear.local”
At the MS-DOS prompt, type “dsquery user cn=users,dc=netgear,dc=local” (without quotes)
• Dsquery is the Windows built-in command to begin the LDAP query
• User indicates the name of the container where you want to do the query