Table of Contents
Advertisement
User authentication
c. Select LDAP for the new method from the Method drop-down.
Authentication methods are attempted in the order they are listed until an authentication
response, either pass or fail, is received. If Authoritative is enabled (see above), non-
authoritative methods are not attempted. See
methods
for information about rearranging the position of the methods in the list.
15. Click Apply to save the configuration and apply the change.
Command line
1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX30
local command line as a user with full Admin access rights.
Depending on your device configuration, you may be presented with an Access selection
menu. Type admin to access the Admin CLI.
2. At the command line, type config to enter configuration mode:
> config
(config)>
3. (Optional) Prevent other authentication methods from being used if LDAP authentication fails.
Other authentication methods will only be used if the LDAP server is unavailable.
(config)> auth ldap authoritative true
(config)>
4. Set the type of TLS connection used by the LDAP server:
(config)> auth ldap tls value
(config)>
where value is one of:
off: Uses a non-secure TCP connection on the LDAP standard port, 389.
n
on: Uses an SSL/TLS encrypted connection on port 636.
n
start_tls: Makes a non-secure TCP connection to the LDAP server on port 389, then
n
sends a request to upgrade the connection to a secure TLS connection. This is the
preferred method for LDAP.
The default is off.
5. If tls is set to on or start_tls, configure whether to verify the server certificate:
(config)> auth ldap verify_server_cert value
(config)>
where value is either:
true: Verifies the server certificate with a known Certificate Authority.
n
false: Does not verify the certificate. Use this option if the server is using a self-signed
n
certificate.
IX30 User Guide
Rearrange the position of authentication
LDAP
741
Advertisement
Table of Contents
