D-Link NetDefend DFL-210 User Manual page 307

Network security firewall

8.2.4. External LDAP Servers
LDAP server authentication is automatically configured to work using LDAP Bind Request
Authentication. This means that authentication succeeds if a successful connection is made to the
LDAP server. Individual clients are not distinguished from one another.
LDAP server referrals should not occur with bind request authentication, but if they do, the server
sending the referral will be regarded as not having responded.
B. Activating LDAP Server User Authentication
Once one or more LDAP server objects are defined, the next step is to define a user authentication
rule which refers to them.
One or more of the server objects can be associated as a list with a user authentication rule. The
ordering of the list determines the order in which server access is attempted. The first server in the
list has the highest precedence and will be used before those lower down.
Server Responses
When an LDAP server is queried by NetDefendOS with a user authentication request, the following
are the possible outcomes:
1. The server replies with a positive response and the user is authenticated.
2. The server replies with a negative response and the user is not authenticated.
3. The server does not respond within the Timeout period specified for the server. If only one
   server is specified then authentication will be considered to have failed. If there are alternate
   servers defined for the user authentication rule then these are queried next.
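The outcome handling above, including the referral rule from the start of this section, modelled as an added Python example (not D-Link code and not NetDefendOS's own logic). The class and function names are hypothetical and the server data is constructed. Two behaviours are assumptions the page does not state outright: a negative response ends the attempt without consulting later servers, and authentication fails when every server in the list fails to respond.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class LdapServer:
    """Hypothetical stand-in for one LDAP server object in the rule's list."""
    name: str
    timeout_s: float          # the Timeout period specified for the server
    reply: Optional[str]      # "accept", "reject", "referral" or None (silent)
    latency_s: float = 0.0    # constructed time the reply takes to arrive


def query(server: LdapServer) -> str:
    """Reduce one server's behaviour to accept / reject / no-response."""
    if server.reply is None or server.latency_s > server.timeout_s:
        return "no-response"              # outcome 3: nothing within Timeout
    if server.reply == "referral":
        return "no-response"              # referral counts as not responding
    return server.reply


def authenticate(servers: List[LdapServer]) -> Tuple[bool, List[Tuple[str, str]]]:
    """Walk the list in order; return (authenticated, trace of servers tried)."""
    trace = []
    for server in servers:                # first entry has highest precedence
        outcome = query(server)
        trace.append((server.name, outcome))
        if outcome == "accept":
            return True, trace            # outcome 1
        if outcome == "reject":
            return False, trace           # outcome 2 (assumed final, no fallback)
    return False, trace                   # assumed: fail closed if none answered


# Constructed sample list: slow server, referring server, rejecting server, and
# a permissive server that must never be reached after the rejection.
SAMPLE_RULE = [
    LdapServer("ldap-a", timeout_s=5, reply="accept", latency_s=9),
    LdapServer("ldap-b", timeout_s=5, reply="referral"),
    LdapServer("ldap-c", timeout_s=5, reply="reject"),
    LdapServer("ldap-d", timeout_s=5, reply="accept"),
]

if __name__ == "__main__":
    ok, tried = authenticate(SAMPLE_RULE)
    print("authenticated:", ok)
    for name, outcome in tried:
        print(f"  {name}: {outcome}")
```

The trace makes the ordering visible: a slow or referring primary delays each login by its Timeout before the next server is asked, which is worth checking against the real-time statistics listed below.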
Real-time Monitoring Statistics
The following statistics are available for real-time monitoring of LDAP server access for user
authentication:
Number of authentications per second.
Total number of authentication requests.
Total number of successful authentication requests.
Total number of failed authentication requests.
Total number of invalid usernames.
Total number of invalid passwords.
LDAP Authentication CLI Commands
The CLI objects that correspond to LDAP servers used for authentication are called LDAPDatabase
objects (LDAP servers used for certificate lookup are known as LDAPServer objects in the CLI).
A specific LDAP server that is defined in NetDefendOS for authentication can be shown with the
command:
gw-world:/> show LDAPDatabase <object_name>
The entire contents of the database can be displayed with the command:
Chapter 8. User Authentication
