Nortel NN46110-600 User Manual page 44

Vpn router security — servers, authentication, and certificates
34 Chapter 2 Configuring servers
General filter specification syntax:

If no filter is specified, the resultant search is (uid=username).
If a filter string is specified, the search is (&(uid=username)filterstring).
For example, a filter value of (|(ou=engineering)(ou=finance)) creates a search
that specifies UID=username and (ou=engineering or ou=finance):
(&(uid=username)(|(ou=engineering)(ou=finance))).

Certificate LDAP query syntax is (&(SubDn=<subject DN from
cert>)(CAAttribute=<issuer DN from cert>)myFilter) or
(&(SubAltName=<subject alt name from cert>)(CAAttribute=<issuer DN from
cert>)myFilter).

To determine the SubjectDN or Altname, check to see if the UID of the session is
the same as the subject DN of the certificate.

To configure LDAP proxy server authentication:

1 Select Servers > LDAP Proxy and click Enable Access to LDAP Proxy Server.
  a In the Remove Suffix from User ID field, select to remove the fully
    qualified ID suffix from the UID before sending it to the LDAP server.
  b Specify the character that separates the suffix from the UID as the
    delimiter value.
  c In the LDAP Proxy Server Users Obtain Default Settings from the Group
    field, select the default group to which users are assigned.
  d Enter a number in the Response Timeout Interval dialog box.
2 Under LDAP Proxy Servers, enter a base distinguished name (DN) for the
  server. This is usually in the form ou=organizational unit, o=organization,
  c=country.
  a For the remote LDAP server, enter the Master, Slave 1, and Slave 2 LDAP
    server host names or IP addresses. If the master server becomes
    unavailable, the VPN Router attempts to initiate a connection with the
    slave servers.
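The filter construction and suffix handling described above, as an added Python example that is not Nortel's code: it builds the (uid=username), (&(uid=username)filterstring) and certificate query forms from the manual, strips the user-ID suffix at the configured delimiter (step 1a/1b), and escapes user-supplied values per RFC 4515 so filter metacharacters in a UID cannot change the query structure. The function names, the "@" default delimiter and the escaping step are my assumptions, not from the manual.

```python
# Added example, not the VPN Router's implementation. Attribute names
# (uid, SubDn, SubAltName, CAAttribute) follow the manual; the escaping
# step is a standard precaution the manual itself does not mention.

# RFC 4515 escapes for characters that carry meaning inside a filter.
LDAP_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28",
                       ")": r"\29", "\0": r"\00"}


def escape_filter_value(value: str) -> str:
    """Escape an assertion value so it is matched literally."""
    return "".join(LDAP_FILTER_ESCAPES.get(ch, ch) for ch in value)


def strip_suffix(user_id: str, remove_suffix: bool, delimiter: str = "@") -> str:
    """Step 1a/1b: drop the fully qualified suffix after the delimiter
    before the UID is sent to the LDAP server (assumed "@" delimiter)."""
    if remove_suffix and delimiter and delimiter in user_id:
        return user_id.split(delimiter, 1)[0]
    return user_id


def user_search_filter(username: str, filter_string: str = "") -> str:
    """(uid=username) with no filter, (&(uid=username)filterstring) with one.
    filter_string is administrator-configured and is inserted as written."""
    base = f"(uid={escape_filter_value(username)})"
    return f"(&{base}{filter_string})" if filter_string else base


def certificate_search_filter(issuer_dn: str, subject_dn: str = None,
                              subject_alt_name: str = None,
                              my_filter: str = "") -> str:
    """Certificate query: SubDn or SubAltName from the cert, plus the
    issuer DN in CAAttribute, ANDed with the configured myFilter."""
    if subject_dn is not None:
        ident = f"(SubDn={escape_filter_value(subject_dn)})"
    elif subject_alt_name is not None:
        ident = f"(SubAltName={escape_filter_value(subject_alt_name)})"
    else:
        raise ValueError("need the subject DN or subject alt name from the cert")
    issuer = f"(CAAttribute={escape_filter_value(issuer_dn)})"
    return f"(&{ident}{issuer}{my_filter})"
```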