Stormshield SN series Configuration Manual page 101


Advanced properties

Backup server: This field allows defining a replacement server in the event the main server cannot be contacted. You can select it from the list of objects suggested in the drop-down list.

Use the firewall account to check user authentication on the directory: When this option is selected, the firewall will use the identifier declared during the creation of the directory in order to verify a user's privileges with the LDAP server when the user authenticates. Otherwise, the firewall will use the user's account to perform this verification.

Click on Apply to confirm your configuration.

"Structure" tab

Read-only access

User selection filter: When using the firewall in interaction with an external database, only users that correspond to the filter will be used. By default this filter corresponds to ObjectClass = InetOrgPerson.

User group selection filter: When using the firewall in interaction with an external database, only user groups that correspond to the filter will be used. By default this filter corresponds to ObjectClass = GroupOfNames.

You are accessing the directory in read-only mode. The creation of users and groups will not be allowed: If this option is selected, you will not be able to perform any actions in write mode.

Mapped attributes

Apply a model: This button offers you 3 choices of LDAP servers, which you will apply to define your attributes:
- OpenLDAP: LDAP server.
- Microsoft Active Directory (AD): LDAP directory services for Windows operating systems.
- Open Directory: directory of websites under license of Open Directory

External directory attributes: This column represents the value given to the attribute in the external directory.
Examples:
Cn= COMPANY
telephoneNumber= +33 (0)3 61 96 30
mail = salesadmin@company.com

Advanced properties

Protected characters: For some external servers, a \ has to be added so that LDAP requests will be taken into account.

Password hash: The password encryption method for new users.
Some authentication methods (such as LDAP) have to store the user's password in the form of a hash (the result of a hash function applied to the password), which avoids having to store the password in plaintext.
You have to select your desired hash method from the following:

Page 101/448
SNS - USER CONFIGURATION MANUAL V.3
sns-en-user_configuration_manual-v3 - Copyright © Stormshield 2016
DIRECTORIES CONFIGURATION
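
The user selection filter and the protected characters setting described on this page, as an added example that is not taken from the Stormshield manual or the firewall's own code: it ANDs the default filter with a login lookup and escapes filter metacharacters so the value cannot add or remove filter terms. The manual does not list which characters are protected; the RFC 4515 set, the "uid" attribute, the function names and the sample logins are assumptions.

```python
# Added example: RFC 4515 escaping when extending the default user selection filter.
# The "uid" attribute and the sample logins are assumptions, constructed for illustration.

DEFAULT_USER_FILTER = "(objectClass=inetOrgPerson)"  # default quoted in the manual

# RFC 4515 section 3: these characters are written as \XX inside an assertion value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value):
    """Replace every filter metacharacter in value with its \\XX form."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def user_lookup_filter(login, attr="uid", base=DEFAULT_USER_FILTER):
    """AND the directory's user selection filter with an exact match on login."""
    return f"(&{base}({attr}={escape_filter_value(login)}))"


def top_level_terms(ldap_filter):
    """Split an (&...) or (|...) filter into its direct sub-filters.
    Escaped parentheses appear as \\28 / \\29, so raw parentheses mark term boundaries."""
    if ldap_filter[:2] not in ("(&", "(|") or not ldap_filter.endswith(")"):
        raise ValueError("not a composite filter")
    terms, depth, start = [], 0, 0
    body = ldap_filter[2:-1]
    for i, ch in enumerate(body):
        if ch == "(":
            if depth == 0:
                start = i
            depth += 1
        elif ch == ")":
            depth -= 1
            if depth < 0:
                raise ValueError("unbalanced filter")
            if depth == 0:
                terms.append(body[start:i + 1])
    if depth != 0:
        raise ValueError("unbalanced filter")
    return terms


if __name__ == "__main__":
    for login in ("jdoe", "Smith (Sales)*", "a\\b"):  # constructed inputs
        f = user_lookup_filter(login)
        print(f, "->", len(top_level_terms(f)), "terms")
```

A composed lookup should always split into exactly two terms; a count other than two in a test run means a value reached the filter unescaped.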
