D-Link NetDefend DFL-210 User Manual page 323

8.2.4. External LDAP Servers
• Base Object
Defines where in the LDAP server tree search for user accounts shall begin.
The users defined on an LDAP server database are organized into a tree structure. The Base
Object specifies where in this tree the relevant users are located. Specifying the Base Object has
the effect of speeding up the search of the LDAP tree since only users under the Base Object
will be examined.
The Base Object is specified as a common separated domainComponent (DC) set. If the full
domain name is myldapserver.local.eu.com and this is the Base Object then this is specified as:
DC=myldapserver,DC=local,DC=eu,DC=com
The username search will now begin at the root of the myldapserver tree.
• Administrator Account
The LDAP server will require that the user establishing a connection to do a search has
administrator privileges. The Administration Account specifies the administrator username. This
username may be requested by the server in a special format in the same way as described
previously with Use Domain Name.
• Password/Confirm Password
The password for the administrator account which was specified above.
• Domain Name
The Domain Name is used when formatting usernames. This is the first part of the full domain
name. In our examples above, the Domain Name is myldapserver. The full domain name is a dot
separated set of labels, for example, myldapserver.local.eu.com.
This option is only available if the Server Type is NOT set to Other.
This option can be left empty but is required if the LDAP server requires the domain name when
performing a bind request.
Optional Settings
There is one optional setting:
• Password Attribute
The password attribute specifies the ID of the tuple on the LDAP server that contains the user's
password. The default ID is userPassword.
This option should be left empty unless the LDAP server is being used to authenticate users
connecting via PPP with CHAP, MS-CHAPv1 or MS-CHAPv2.
When it is used, it determines the ID of the data field in the LDAP server database which
contains the user password in plain text. The LDAP server admininstrator must make sure that
this field actually does contain the password. This is explained in greater detail later.
Important: The Base Object must be specified correctly
If the Base Object is specified incorrectly then this can mean that a user will not be
found and authenticated if they are not in the part of the tree below the Base
Object. The recommended option is therefore to initially specify the Base Object as
the route of the tree.
323
Chapter 8. User Authentication