Reviewing the LDAP Directory Structure and Configuration Procedure; Organizing the Security Appliance LDAP Schema - Cisco PIX 500 Series Configuration Manual

Appendix E
Configuring an External Server for Authorization and Authentication
Configuring an External LDAP Server

Organizing the Security Appliance LDAP Schema
Defining the Security Appliance LDAP Schema
Loading the Schema in the LDAP Server
Defining User Permissions
Reviewing Examples of Active Directory Configurations

Reviewing the LDAP Directory Structure and Configuration Procedure

An LDAP server stores information as entries in a directory. An LDAP schema defines what types of
information such entries store. The schema lists classes and the set of required and optional attributes
that objects of each class can contain.

To configure your LDAP server to interoperate with the security appliance, define a security appliance
authorization schema. A security appliance authorization schema defines the class, and the attributes of
that class, that the security appliance supports. Specifically, it comprises the object class
(User-Authorization) and all of its possible attributes that may be used to authorize a security appliance
user (such as access hours, primary DNS, and so on). Each attribute comprises the attribute name,
number (called an object identifier or OID), type, and possible values.

Once you have defined the security appliance authorization schema and loaded it on your server, define
the security appliance attributes and permissions, and their respective values, for each user who will be
authorized to use the server.

In summary, to set up your LDAP server:

Step 1 Design your security appliance LDAP authorization schema based on the hierarchical set-up of your
organization.
Step 2 Define the security appliance authorization schema.
Step 3 Load the schema on the LDAP server.
Step 4 Define permissions for each user on the LDAP server.

The specific steps of these processes vary, depending on which type of LDAP server you are using.

Organizing the Security Appliance LDAP Schema

This section describes how to perform searches within the LDAP hierarchy and authenticated binding to
the LDAP server on the security appliance. It includes the following topics:

Searching the Hierarchy
Binding the Security Appliance to the LDAP Server

Before you actually create your schema, think about how your organization is structured. Your LDAP
schema should reflect the logical hierarchy of your organization.

For example, suppose an employee at your company, Example Corporation, is named Terry. Terry works
in the Engineering group. Your LDAP hierarchy could have one or many levels. You might decide to set
up a shallow, single-level hierarchy in which Terry is considered a member of Example Corporation. Or,
you could set up a multi-level hierarchy in which Terry is considered to be a member of the department
Engineering, which is a member of an organizational unit called People, which is itself a member of
Example Corporation. See Figure E-1 for an example of this multi-level hierarchy.

A multi-level hierarchy has more granularity, but a single-level hierarchy is quicker to search.

Cisco Security Appliance Command Line Configuration Guide
OL-12172-03
E-3
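As an added illustration (not the manual's own code), the following Python models the single-level and multi-level hierarchies for Terry described above and shows how the search base and search scope used against the directory must match its depth: a one-level search from the organization finds Terry in the shallow tree but not in the deep one, and the deeper tree costs more entries per subtree search. All DNs, the sample data and the attribute name exampleAccessHours are constructed placeholders; User-Authorization is the object class the manual names.

```python
# Added example, not from the Cisco manual. All DNs and the attribute name
# "exampleAccessHours" are constructed placeholders; "User-Authorization" is the
# object class the manual names. Standard attributes: o, ou, cn, objectClass.
TERRY = {
    "objectClass": ["person", "User-Authorization"],
    "cn": ["Terry"],
    "exampleAccessHours": ["09:00-17:00"],   # hypothetical authorization attribute
}

# Single-level hierarchy: Terry sits directly under Example Corporation.
SHALLOW = {
    "o=Example Corporation": {"objectClass": ["organization"]},
    "cn=Terry,o=Example Corporation": TERRY,
}

# Multi-level hierarchy: Example Corporation > People > Engineering > Terry.
DEEP = {
    "o=Example Corporation": {"objectClass": ["organization"]},
    "ou=People,o=Example Corporation": {"objectClass": ["organizationalUnit"]},
    "ou=Engineering,ou=People,o=Example Corporation": {"objectClass": ["organizationalUnit"]},
    "cn=Terry,ou=Engineering,ou=People,o=Example Corporation": TERRY,
}

def rdns(dn: str) -> list:
    """Split a DN into RDNs, leaf first, compared case-insensitively (no escaped commas here)."""
    return [part.strip().lower() for part in dn.split(",")]

def in_scope(dn: str, base: str, scope: str) -> bool:
    """Apply an LDAP search scope ('base', 'one' or 'sub') relative to the search base DN."""
    d, b = rdns(dn), rdns(base)
    if len(d) < len(b) or d[len(d) - len(b):] != b:
        return False                          # entry is not under the base at all
    depth = len(d) - len(b)
    return {"base": depth == 0, "one": depth == 1, "sub": True}[scope]

def search(directory: dict, base: str, scope: str, attr: str, value: str) -> tuple:
    """Return (matching DNs, number of in-scope entries that had to be examined)."""
    examined = [dn for dn in directory if in_scope(dn, base, scope)]
    matches = sorted(dn for dn in examined if value in directory[dn].get(attr, []))
    return matches, len(examined)

def user_authorization(directory: dict, user_dn: str) -> dict:
    """Return only the authorization attributes of a User-Authorization entry, else {}."""
    entry = directory.get(user_dn, {})
    if "User-Authorization" not in entry.get("objectClass", []):
        return {}
    return {k: v for k, v in entry.items() if k not in ("objectClass", "cn")}
```

A one-level search from o=Example Corporation locates Terry only in SHALLOW; in DEEP the base must be moved down to ou=Engineering or the scope widened to sub, which examines every entry of the tree.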
