Authentication and Authorization for SSL VPN Users by an LDAP Server - HP MSR Series Configuration Manual

HPE FlexNetwork MSR Router Series

Verifying the configuration
# Initiate an SSH connection to the router, and enter the username aaa@bbb and password ldap!123456. The user logs in to the router. (Details not shown.)
# Verify that the user can use the commands permitted by the network-operator user role. (Details not shown.)
Authentication and authorization for SSL VPN users by an LDAP server
Network requirements
As shown in Figure 22, configure the router to meet the following requirements:
- Use the LDAP server to perform authentication and authorization for the SSL VPN user.
- Act as an SSL VPN gateway. The gateway IP address is 192.168.1.70 and the service port number is 8080.
The LDAP server uses the domain name ldap.com. The server assigns an SSL VPN policy group named pg1 to the user after authentication. The policy group defines a 120-second idle timeout for the user connections.
Figure 22 Network diagram
Configuration procedure
1. Configure the LDAP server:
NOTE:
In this example, the LDAP server runs Microsoft Windows 2003 Server Active Directory.
# Add a user named aaa and set the password to ldap!123456.
a. On the LDAP server, select Start > Control Panel > Administrative Tools.
b. Double-click Active Directory Users and Computers.
The Active Directory Users and Computers window is displayed.
c. From the navigation tree, click Users under the ldap.com node.
d. Select Action > New > User from the menu to display the dialog box for adding a user.
e. Enter the logon name aaa and click Next.