5 Servicing the Network Management Module
5.1 Configuring/Commissioning/Testing LDAP
5.1.1 Commissioning
Refer to the section Contextual help>>>Settings>>>Remote users>>>LDAP to get help on the configuration.
5.1.1.1 Configuring connection to LDAP database
This step configures the LDAP client of the network module to request data from an LDAP base.
1. Activate LDAP.
2. Define security parameters according to LDAP servers' requirements.
3. Configure primary server (and optionally a secondary one).
4. If security configuration needs server certificate verification, import your LDAP server certificate.
   Refer to the section to get help on certificate import.
   a. If the LDAP server certificate is self-signed, import the self-signed certificate in the Trusted remote certificate list for LDAP service.
   b. If the LDAP server certificate has been signed by a CA, import the corresponding CA in the Certificate authorities (CA) list for LDAP service.
5. Configure credentials to bind with the LDAP server or select anonymous if no credentials are required.
6. Configure the Search base DN.
7. Configure the request parameters (see examples below).
5.1.1.1.1 Typical request parameters

| Parameter | OpenLDAP | Active Directory™ with POSIX account activated | Active Directory™ |
|---|---|---|---|
| User base DN | ou=users, dc=example, dc=com | ou=users, dc=example, dc=com | ou=users, dc=example, dc=com |
| User name attribute | uid | uid | sAMAccountName |
| Group base DN | ou=groups, dc=example, dc=com | ou=groups, dc=example, dc=com | ou=groups, dc=example, dc=com |
| Group name attribute | gid | gid | sAMAccountName |

5.1.1.2 Map remote users to profile
This step is mandatory and configures the Network module to give permissions to the LDAP users.
Users not belonging to a group mapped to a profile will be rejected.
Configure the rules to map LDAP users to a profile:
1. Enter the LDAP group name.
2. Select the profile to assign.
You can define up to 20 mapping rules.
All LDAP users belonging to the configured LDAP group will have the permissions granted by the associated profile.
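The group-to-profile rules of section 5.1.1.2 can be reviewed offline before they are entered in the module. The Python below is an added example, not part of the module or its documentation: it applies planned rules to an LDIF export of the group subtree and reports who would receive a profile, who would be rejected, and which rule names match no group. The group names, profile names, sample LDIF and the cn/memberUid attributes are assumptions made for illustration.

```python
MAX_RULES = 20  # limit stated in section 5.1.1.2
# Constructed sample: LDIF export of the Group base DN subtree (not real data).
SAMPLE_LDIF = """\
dn: cn=ups-admins,ou=groups,dc=example,dc=com
cn: ups-admins
memberUid: alice

dn: cn=ups-viewers,ou=groups,dc=example,dc=com
cn: ups-viewers
memberUid: alice
memberUid: bob

dn: cn=helpdesk,ou=groups,dc=example,dc=com
cn: helpdesk
memberUid: carol
"""

def parse_groups(ldif, name_attr="cn", member_attr="memberUid"):
    """Return {group name: {member logins}} from plain, unfolded LDIF text.
    Assumption: membership is stored on the group entry as login names
    (RFC 2307 posixGroup style); pass the attributes your directory uses."""
    groups = {}
    for record in ldif.strip().split("\n\n"):
        name, members = None, set()
        for line in record.splitlines():
            attr, sep, value = line.partition(": ")
            if sep and attr.lower() == name_attr.lower():
                name = value.strip()
            elif sep and attr.lower() == member_attr.lower():
                members.add(value.strip())
        if name:
            groups[name] = members
    return groups

def audit(rules, groups):
    """rules: [(LDAP group name, profile)] -> (granted, rejected, unknown)."""
    if len(rules) > MAX_RULES:
        raise ValueError(f"{len(rules)} rules planned, module accepts {MAX_RULES}")
    unknown = [g for g, _ in rules if g not in groups]  # typo or wrong base DN
    granted = {}
    for group, profile in rules:
        for user in groups.get(group, ()):
            granted.setdefault(user, set()).add(profile)
    rejected = sorted(set().union(*groups.values()) - set(granted))
    return granted, rejected, unknown

if __name__ == "__main__":
    plan = [("ups-admins", "administrator"), ("ups-viewers", "viewer")]  # placeholder profiles
    print(audit(plan, parse_groups(SAMPLE_LDIF)))
```

A user listed with more than one profile matches several rules and is worth reviewing before commissioning.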