Configuring Ldap Authentication - Red Hat CERTIFICATE SYSTEM 7.2 - ADMINISTRATION Administration Manual

auth.instance.1.hostport=ldap-qa.example.com:2222
auth.instance.1.SSLOn=false
auth.instance.1.retries=1
auth.instance.1.retryConnect=3
auth.instance.1.baseDN=o=qa
auth.instance.1.ui.title.en=LDAP Authentication
auth.instance.1.ui.description.en=This authenticates user against the QA LDAP directory.
auth.instance.1.ui.id.UID.name.en=LDAP User ID
auth.instance.1.ui.id.PASSWORD.name.en=LDAP Password
auth.instance.1.ui.id.UID.description.en=QA LDAP User ID
auth.instance.1.ui.id.PASSWORD.description.en=QA LDAP Password
##########################################################################
• The two format operation profiles are devKey and qaKey.
• The two mappings are order 0, which refers to devKey, and order 1, which refers to qaKey.
• The two authentication instances, 0 and 1, correspond to ldap-dev and ldap-qa, respectively.
The process for a format operation is as follows:
1. The user inserts the token. The token is recognized by its CUID in the Enterprise Security Client.
2. The user selects the token and clicks Format.
3. The Enterprise Security Client prompts for LDAP authentication.
4. The format operation completes.
When the token is selected in the Enterprise Security Client, the client sends the applet version, CUID, ATR, and other information about the token to the TPS server. The TPS server checks the op.format.mapping.. section in the CS.cfg file to determine which tokenType to use for the token, either devKey or qaKey. It then uses the corresponding op.format... section to perform LDAP authentication against the appropriate server and to contact the corresponding TKS for generating session keys.

7.6. Configuring LDAP Authentication

The TPS can be configured to require the user to authenticate to an LDAP directory when a smart card operation request is received. There are three parameters for this, which can be set for the format, reset PIN, or enrollment operation:
op.<operation>.<key type>.auth.enable
op.<operation>.<key type>.auth.id
op.<operation>.<key type>.loginRequest.enable
These parameters set, respectively, whether LDAP authentication is required, the LDAP directory (authentication instance) to use for the authentication, and whether the login request is sent to the smart card.
NOTE
The user must have an existing LDAP user entry in the LDAP server instance specified in
the TPS's CS.cfg file in order to complete the operation.
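As an added example (not code from the manual or from Certificate System itself), the following Python reads a CS.cfg-style fragment and walks the two steps described above: it resolves a token's CUID to a tokenType through the op.<operation>.mapping order, then collects the op.<operation>.<key type>.auth.* settings and the auth.instance block they point to, and reports what a reviewer would check before relying on the profile (authentication not required, auth.id naming no configured instance, SSLOn=false, login request not sent). The auth.instance.<n>.* keys and the op.<operation>.<key type>.auth.* keys are the ones on this page; the auth.instance.<n>.id key, the mapping keys op.<operation>.mapping.<n>.target.tokenType and .filter.tokenCUID.start/.end, the catch-all behaviour of a mapping without a filter, and all sample values are assumptions made for the example, not taken from the manual.

```python
"""Resolve which LDAP auth instance a TPS smart-card operation uses (added example,
not from the Red Hat Certificate System manual; see the lead-in for assumptions)."""
import re

# Constructed CS.cfg fragment for this example (not a real deployment).
SAMPLE_CFG = """\
auth.instance.0.id=ldap0
auth.instance.0.hostport=ldap-dev.example.com:636
auth.instance.0.SSLOn=true
auth.instance.1.id=ldap1
auth.instance.1.hostport=ldap-qa.example.com:2222
auth.instance.1.SSLOn=false
auth.instance.1.baseDN=o=qa
op.format.mapping.0.target.tokenType=devKey
op.format.mapping.0.filter.tokenCUID.start=0000000000000000
op.format.mapping.0.filter.tokenCUID.end=7FFFFFFFFFFFFFFF
op.format.mapping.1.target.tokenType=qaKey
op.format.devKey.auth.enable=true
op.format.devKey.auth.id=ldap0
op.format.devKey.loginRequest.enable=true
op.format.qaKey.auth.enable=true
op.format.qaKey.auth.id=ldap1
op.format.qaKey.loginRequest.enable=true
op.enroll.qaKey.auth.enable=false
"""


def parse_cs_cfg(text):
    """Parse key=value lines, splitting on the first '=' only: values such as
    baseDN=o=qa contain '='. Blank lines and '#' comments are skipped."""
    cfg = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line and not line.startswith("#") and "=" in line:
            key, _, value = line.partition("=")
            cfg[key.strip()] = value.strip()
    return cfg


def _is_true(value):
    return (value or "").strip().lower() == "true"


def resolve_token_type(cfg, operation, cuid):
    """Return the target tokenType of the first mapping, in ascending order,
    whose CUID range contains the token's CUID; None if nothing matches."""
    prefix = f"op.{operation}.mapping."
    pat = re.compile(re.escape(prefix) + r"(\d+)\.target\.tokenType$")
    cuid_int = int(cuid, 16)
    for n in sorted(int(m.group(1)) for m in map(pat.match, cfg) if m):
        base = f"{prefix}{n}."
        start = cfg.get(base + "filter.tokenCUID.start")
        end = cfg.get(base + "filter.tokenCUID.end")
        # A mapping with no CUID filter is treated as a catch-all (assumed).
        if start is None or end is None or int(start, 16) <= cuid_int <= int(end, 16):
            return cfg[base + "target.tokenType"]
    return None


def auth_for(cfg, operation, token_type):
    """Collect op.<operation>.<token_type>.auth.* settings plus the
    auth.instance.<n> block whose (assumed) id key equals auth.id."""
    base = f"op.{operation}.{token_type}."
    auth_id = cfg.get(base + "auth.id")
    instance = None
    for key, value in cfg.items():
        m = re.fullmatch(r"auth\.instance\.(\d+)\.id", key)
        if m and auth_id is not None and value == auth_id:
            p = f"auth.instance.{m.group(1)}."
            instance = {"hostport": cfg.get(p + "hostport"),
                        "SSLOn": _is_true(cfg.get(p + "SSLOn")),
                        "baseDN": cfg.get(p + "baseDN")}
            break
    return {"enabled": _is_true(cfg.get(base + "auth.enable")),
            "login_request": _is_true(cfg.get(base + "loginRequest.enable")),
            "auth_id": auth_id, "instance": instance}


def audit(cfg, operation, token_type):
    """Findings a reviewer would raise before relying on this profile."""
    r = auth_for(cfg, operation, token_type)
    where = f"op.{operation}.{token_type}"
    if not r["enabled"]:
        return [f"auth.enable is not true for {where}: no LDAP authentication is required"]
    findings = []
    if r["instance"] is None:
        findings.append(f"auth.id={r['auth_id']!r} for {where} matches no auth.instance")
    elif not r["instance"]["SSLOn"]:
        findings.append(f"SSLOn=false on {r['instance']['hostport']}: LDAP credentials are sent without TLS")
    if not r["login_request"]:
        findings.append(f"loginRequest.enable is not true for {where}: no login request is sent")
    return findings


if __name__ == "__main__":
    cfg = parse_cs_cfg(SAMPLE_CFG)
    token_type = resolve_token_type(cfg, "format", "8000000000000001")  # constructed CUID
    print(token_type, audit(cfg, "format", token_type))
```

Run as a script, the constructed CUID falls outside the devKey range, so mapping order 1 (qaKey) is selected and the audit reports that instance ldap1 has SSLOn=false, the same setting shown in the configuration fragment at the top of this page. Point `parse_cs_cfg` at a real CS.cfg and the same checks apply to each operation and key type you have enabled.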
