ZyXEL Communications SBG5500 Series User Manual page 157


Chapter 9 Firewall

The following table describes the labels in this screen.

Table 68 LDAP Server: Add/Edit

| LABEL | DESCRIPTION |
| --- | --- |
| General Settings | |
| Name | Enter a descriptive name for identification purposes. It cannot exceed 64 characters [0-9][A-Z][a-z][_-]. |
| Description | Enter the description of each server, if any. You can use up to 128 printable ASCII characters. |
| Server Settings | |
| Server Address | Enter an IP address or Fully-Qualified Domain Name (FQDN) of the LDAP authentication server. |
| Backup Server Address | If the LDAP server has a backup authentication server, enter its IP address or FQDN here. |
| Port | Specify the port number on the LDAP server to which the SBG sends authentication requests. Enter a number between 1 and 65535. |
| Base DN | Specify the directory (up to 127 alphanumerical characters). For example, o=Zyxel, c=US. This is only for LDAP. |
| Use SSL | Select Use SSL to establish a secure connection to the LDAP server(s). |
| Search time limit | Specify the timeout period (between 1 and 300 seconds) before the SBG disconnects from the LDAP server. In this case, user authentication fails. Search timeout occurs when either the user information is not in the LDAP server(s) or the LDAP server(s) is down. |
| Case-sensitive User Names | Select this if the server checks the case of the user names. |
| Server Authentication | |
| Bind DN | Specify the bind DN for logging into the LDAP server. Enter up to 127 alphanumerical characters. For example, cn=zyxelAdmin specifies zyxelAdmin as the user name. |
| Password | If required, enter the password (up to 15 alphanumerical characters) for the SBG to bind (or log in) to the AD or LDAP server. |
| Retype to Confirm | Retype your new password for confirmation. |
| User Login Settings | |
| Login Name Attribute | Enter the type of identifier the users are to use to log in. For example "name" or "e-mail address". |
| Alternative Login Name Attribute | If there is a second type of identifier that the users can use to log in, enter it here. For example "name" or "e-mail address". |
| Group Membership Attribute | An LDAP server defines attributes for its accounts. Enter the name of the attribute that the SBG is to check to determine to which group a user belongs. The value for this attribute is called a group identifier; it determines to which group a user belongs. You can add ext-group-user objects to identify groups based on these group identifier values. For example, you could have an attribute named "memberOf" with values like "sales", "RD", and "management". Then you could also create an ext-group-user object for each group: one with "sales" as the group identifier, another for "RD" and a third for "management". |
| OK | Click OK to save your changes. |
| Cancel | Click Cancel to exit this screen without saving. |
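
The following is an added example, not taken from the User's Guide or from Zyxel firmware. It shows how a generic LDAP client could use the three User Login Settings fields: building the search filter from the login name attributes with RFC 4515 escaping, then mapping the group membership attribute's values to ext-group-user objects. The attribute names "uid" and "mail", the object names, and the sample entry are constructed assumptions.

```python
# Added illustration of the "User Login Settings" fields.
# Assumption: a generic LDAP client, not the SBG's actual implementation.

def escape_filter_value(value):
    """Escape a user-supplied value for an LDAP search filter (RFC 4515)."""
    special = '\\*()\x00'
    return ''.join('\\%02x' % ord(ch) if ch in special else ch for ch in value)

def build_login_filter(login, login_attr, alt_attr=None):
    """Match the typed login against the Login Name Attribute and,
    when configured, the Alternative Login Name Attribute."""
    value = escape_filter_value(login)
    primary = '(%s=%s)' % (login_attr, value)
    if not alt_attr:
        return primary
    return '(|%s(%s=%s))' % (primary, alt_attr, value)

def resolve_groups(entry, group_attr, ext_group_users):
    """Return the ext-group-user objects whose group identifier appears
    among the entry's Group Membership Attribute values."""
    values = entry.get(group_attr, [])
    return sorted(name for name, ident in ext_group_users.items()
                  if ident in values)

# Constructed sample data. The group identifiers come from the manual's
# example; the object names (grp-*) and the entry are hypothetical.
EXT_GROUP_USERS = {
    'grp-sales': 'sales',
    'grp-rd': 'RD',
    'grp-mgmt': 'management',
}
CONSTRUCTED_ENTRY = {
    'uid': ['alice'],
    'mail': ['alice@example.com'],
    'memberOf': ['sales', 'management'],
}

if __name__ == '__main__':
    # Ordinary login name, primary and alternative attribute both set.
    print(build_login_filter('alice', 'uid', 'mail'))
    # Filter metacharacters in the typed name are escaped, so they are
    # compared as literal text instead of changing the filter's structure.
    print(build_login_filter('j.doe(*)', 'uid'))
    # Group identifiers found on the entry select the matching objects.
    print(resolve_groups(CONSTRUCTED_ENTRY, 'memberOf', EXT_GROUP_USERS))
```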
SBG5500/3310 Series User's Guide
157
