Configuring Ldap Client Authentication; Configuring Ldap Search Attributes - Lenovo RD220 - ThinkServer - 3798 User Manual

Integrated management module user guide

a second attempt to bind is attempted, this time with the DN that is retrieved from the user's LDAP record and the password that was entered during the login process. If this fails, the user is denied access. The second bind is performed only when the Anonymously or Configured Credentials binding methods are used.

Configuring LDAP client authentication

To configure the LDAP client authentication, complete the following steps:
1. In the navigation pane, click Network protocols.
2. Scroll down to the Lightweight Directory Access Protocol (LDAP) Client area of the page and click Set DN and password only if Binding Method used is w/ Configured Credentials.
3. To use client-based authentication, in the Client DN field, type a client distinguished name. Type a password in the Password field or leave it blank.

Configuring LDAP search attributes

To configure the LDAP search attributes, complete the following steps:
1. In the navigation pane, click Network protocols.
2. Scroll down to the Lightweight Directory Access Protocol (LDAP) Client area and click Set attribute names for LDAP client search algorithm.
3. To configure the search attributes, use the following information.

UID Search Attribute
When the selected binding method is Anonymously or w/ Configured Credentials, the initial bind to the LDAP server is followed by a search request that is directed at retrieving specific information about the user, including the distinguished name, login permissions, and group membership. To retrieve this information, the search request must specify the attribute name that is used to represent user IDs on that server. Specifically, this name is used as a search filter against the login ID that is entered by the user. This attribute name is configured here. For example, on Active Directory servers, the attribute name that is used for user IDs is usually sAMAccountName. On Novell eDirectory and OpenLDAP servers, it is usually uid. If this field is left blank, a default of UID is used during user authentication.

Group Search Attribute
In an Active Directory or Novell eDirectory environment, this parameter specifies the attribute name that is used to identify the groups to which a user belongs. In Active Directory, this is usually memberOf, and with eDirectory, this is usually groupMembership.
In an OpenLDAP server environment, users are usually assigned to groups whose objectClass equals PosixGroup. In that context, this parameter specifies the attribute name that is used to identify the members of a particular PosixGroup. This is usually memberUid.
If this field is left blank, the attribute name in the filter defaults to memberOf.

Login Permission Attribute
When a user is authenticated through an LDAP server successfully, the login permissions for this user must be retrieved. To retrieve these permissions, the search filter that is sent to the server must specify the attribute name that is associated with login permissions. This field specifies this attribute name.
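
The search-then-bind sequence described for the Anonymously and w/ Configured Credentials binding methods, modelled as an added Python example (not IMM firmware or Lenovo code). The in-memory DIRECTORY, the helper names, and the filter-escaping and empty-password checks are assumptions of this example, not documented IMM behaviour.

```python
import re

# Constructed stand-in for an LDAP server: DN -> attributes (not real data).
DIRECTORY = {
    "cn=Alice,ou=people,dc=example,dc=com": {
        "uid": "alice", "password": "s3cret-A",
        "memberOf": ["cn=imm-admins,ou=groups,dc=example,dc=com"]},
    "cn=Bob,ou=people,dc=example,dc=com": {
        "uid": "bob", "password": "s3cret-B", "memberOf": []},
}

def escape_filter_value(value):
    """RFC 4515: escape \\ * ( ) and NUL so the login ID matches literally."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def build_uid_filter(login_id, uid_attr=""):
    # A blank UID Search Attribute field falls back to the default, uid.
    return "(%s=%s)" % (uid_attr or "uid", escape_filter_value(login_id))

def search(filter_str):
    """Tiny matcher for (attr=value): a bare * is a wildcard, \\xx a literal."""
    attr, pattern = re.fullmatch(r"\((\w+)=(.*)\)", filter_str).groups()
    regex = ""
    for tok in re.findall(r"\\[0-9a-f]{2}|.", pattern):
        if tok == "*":
            regex += ".*"
        else:
            regex += re.escape(chr(int(tok[1:], 16)) if len(tok) == 3 else tok)
    return [dn for dn, entry in DIRECTORY.items()
            if entry.get(attr.lower()) is not None
            and re.fullmatch(regex, entry[attr.lower()], re.I)]

def simple_bind(dn, password):
    return dn in DIRECTORY and DIRECTORY[dn]["password"] == password

def login(login_id, password, uid_attr="", group_attr=""):
    """Search for the user, then bind again as that user (the second bind)."""
    if not password:        # empty password = unauthenticated bind (RFC 4513)
        return None
    matches = search(build_uid_filter(login_id, uid_attr))
    if len(matches) != 1:   # unknown or ambiguous login ID: deny access
        return None
    dn = matches[0]
    if not simple_bind(dn, password):   # second bind failed: deny access
        return None
    # A blank Group Search Attribute field defaults to memberOf.
    return {"dn": dn, "groups": DIRECTORY[dn].get(group_attr or "memberOf", [])}
```
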

This manual is also suitable for: Thinkserver td200, Thinkserver td200x, Thinkserver series
