AAA Server Overview - ZyXEL Communications USG FLEX H Series User Manual

Chapter 23 User & Authentication
Directory Structure
The directory entries are arranged in a hierarchical order much like a tree structure. Normally, the
directory structure reflects the geographical or organizational boundaries. The following figure shows a
basic directory structure branching from countries to organizations to organizational units to individuals.
Figure 210 Basic Directory Structure
Distinguished Name (DN)
A DN uniquely identifies an entry in a directory. A DN consists of attribute-value pairs separated by
commas. The leftmost attribute is the Relative Distinguished Name (RDN). This provides a unique name
for entries that have the same "parent DN" ("cn=domain1.com, ou=Sales, o=MyCompany" in the
following examples).
cn=domain1.com, ou=Sales, o=MyCompany, c=US
cn=domain1.com, ou=Sales, o=MyCompany, c=JP
Base DN
A base DN specifies a directory. A base DN usually contains information such as the name of an
organization, a domain name and/or country. For example, o=MyCompany, c=UK where o means
organization and c means country.
Bind DN
A bind DN is used to authenticate with an LDAP/AD server. For example, a bind DN of cn=zywallAdmin
allows the Zyxel Device to log into the LDAP/AD server using the user name of zywallAdmin. The bind
DN is used in conjunction with a bind password. When a bind DN is not specified, the Zyxel Device will try
to log in as an anonymous user. If the bind password is incorrect, the login will fail.
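
The DN, base DN and bind DN rules above, as an added example (not part of the Zyxel manual or the device's own code): a simplified Python DN parser that splits a DN into its RDN and parent DN, checks whether an entry lies under a base DN, and reports when an empty bind DN would result in an anonymous login. The function names are hypothetical; multi-valued RDNs and full RFC 4514 escaping are not handled, and values are compared case-insensitively as an assumption.

```python
# Added example: simplified DN handling for reviewing LDAP/AD settings.
# Assumptions: single-valued RDNs, case-insensitive comparison of values.
def split_dn(dn):
    """Split a DN into RDN strings on unescaped commas."""
    parts, cur, i = [], [], 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):  # keep an escaped char such as "\," in the value
            cur.append(dn[i:i + 2])
            i += 2
            continue
        if ch == ",":
            parts.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
        i += 1
    parts.append("".join(cur))
    return parts

def normalize(dn):
    """Return [(attribute, value), ...], trimmed and lower-cased."""
    pairs = []
    for rdn in split_dn(dn):
        attr, sep, value = rdn.partition("=")
        if not sep or not attr.strip() or not value.strip():
            raise ValueError(f"malformed RDN: {rdn!r}")
        pairs.append((attr.strip().lower(), value.strip().lower()))
    return pairs

def rdn_and_parent(dn):
    """Leftmost pair is the RDN; the remaining pairs form the parent DN."""
    pairs = normalize(dn)
    return pairs[0], pairs[1:]

def is_under_base(dn, base_dn):
    """True if dn equals base_dn or lies in its subtree (base DN is a suffix)."""
    d, b = normalize(dn), normalize(base_dn)
    return len(d) >= len(b) and d[len(d) - len(b):] == b

def bind_mode(bind_dn):
    """No bind DN configured means the login is attempted anonymously."""
    return "anonymous" if not bind_dn or not bind_dn.strip() else "simple"

if __name__ == "__main__":
    # DN and base DN values taken from the examples on this page
    print(rdn_and_parent("cn=domain1.com, ou = Sales, o=MyCompany, c=US"))
    print(is_under_base("cn=domain1.com, ou=Sales, o=MyCompany, c=US", "o=MyCompany, c=UK"))
    print(bind_mode(""))
```

A result of "anonymous" from bind_mode is worth flagging in a configuration review, since directory lookups would then depend on the LDAP/AD server permitting anonymous access.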

23.3 AAA Server Overview

You can use an AAA (Authentication, Authorization, Accounting) server to control access to
your network. A Zyxel Device AAA server is a RADIUS server. Use the AAA Server screens to create and