Ldap Server Failover And Fallback To Local Configuration; Configure Your Ix30 Device To Use An Ldap Server - Digi IX30 User Manual

User authentication
cn: John Smith
sn: Smith
uid: john
ou: admin serial

LDAP server failover and fallback to local configuration

In addition to the primary LDAP server, you can also configure your IX30 device to use backup LDAP
servers. Backup LDAP servers are used for authentication requests when the primary LDAP server is
unavailable.
Falling back to local authentication
With user authentication methods, you can configure your IX30 device to use multiple types of
authentication. For example, you can configure both LDAP authentication and local authentication, so
that local authentication can be used as a fallback mechanism if the primary and backup LDAP
servers are unavailable. Additionally, users who are configured locally but are not configured on the
LDAP server are still able to log into the device. Authentication methods are attempted in the order
they are listed until the first successful authentication result is returned; therefore if you want to
ensure that users are authenticated first through the LDAP server, and only authenticated locally if the
LDAP server is unavailable or if the user is not defined on the LDAP server, then you should list the
LDAP authentication method prior to the Local users authentication method.
See User authentication methods
If the LDAP servers are unavailable and the IX30 device falls back to local authentication, only users
defined locally on the device are able to log in. LDAP users cannot log in until the LDAP servers are
brought back online.

Configure your IX30 device to use an LDAP server

This section describes how to configure a IX30 device to use an LDAP server for authentication and
authorization.
Required configuration items
Define the LDAP server IP address or domain name.
n
Add LDAP as an authentication method for your IX30 device.
n
Additional configuration items
Whether other user authentication methods should be used in addition to the LDAP server, or if
n
the LDAP server should be considered the authoritative login method.
The LDAP server port. It is configured to 389 by default.
n
Whether to use Transport Layer Security (TLS) when communicating with the LDAP server.
n
The distinguished name (DN) and password used to communicate with the server.
n
The distinguished name used to search to user base.
n
The group attribute.
n
The number of seconds to wait to receive a message from the server.
n
Add additional LDAP servers in case the first LDAP server is unavailable.
n

Web
IX30 User Guide
for more information about authentication methods.
LDAP
738