Ldap Configuration - ADDER AdderLink Digital iPEPS User Manual


LDAP configuration

The Digital iPEPS can optionally use the industry standard LDAP (Lightweight
Directory Access Protocol) to allow user authentication to occur in conjunction
with an externally held database. This screen allows you to configure details
related to the creation of an LDAP link to an external directory service, such as
an Active Directory server.
Use LDAP
Tick this option to enable the Lightweight Directory Access Protocol features of
the unit.
Host Address
Enter the IP address of the LDAP server that holds the required directory service.
Host Port
The standard port address for LDAP links is 389 and this should not need to be
changed unless special circumstances exist.
Base DN
This field allows you to enter the top level of the LDAP directory tree at
which to start an LDAP search. An example Base DN value might be:
"dc=catxip1000,dc=com"
User field
Enter the LDAP database field that will be used to match each user name
against. The details entered here will depend on the specific LDAP database
being used - 'uid' or 'cn' are commonly used values.
Anonymous Bind
If left unchecked then bind requests are sent with username (Base DN) and
password (more suitable for Active Directory applications).
If checked, bind requests are anonymous (more suitable for Linux LDAP
implementations).
Admin Password and LDAP Support
Even if LDAP authentication is enabled, the 'admin' user is still authenticated
locally, using the traditional authentication technique of matching to a locally
stored password.
Active Directory authentication process
Typically, Active Directory deployments are not configured for anonymous
binding. Hence, in our implementation of LDAP and Active Directory support for
the Digital iPEPS we have opted to have a single username and password to bind to
the directory and authenticate.
In order to use the ARQ3 LDAP with Active Directory ensure that "Anonymous
bind" is not checked in the LDAP configuration menu.
The process of authentication and associated LDAP transactions are as follows.
A user enters the username and password in the VNC viewer authentication
dialogue. This username and password are used as the "binddn" and "bindpw"
in the "simple bind request" sent to the Active Directory server. Upon binding
to the directory successfully, an LDAP search is performed for the same username
under the specified User Field in the specified Base DN. If the search is
successful then the authentication is performed using the password entered
by the user. If the password is accepted by the Active Directory server, then
the process of authentication is completed and the user is unbound from the
directory.
Linux LDAP authentication process
In order to use the Digital iPEPS LDAP with Linux LDAP ensure that "Anonymous
bind" is checked in the LDAP configuration menu.
The process of authentication and associated LDAP transactions are as follows.
A user enters the username and password in the VNC viewer authentication
dialogue. An anonymous "simple bind request" is then sent to the LDAP server.
No username or password is sent at this stage. On binding to the directory
successfully, an LDAP search is performed for the username, under the specified
User Field and in the specified Base DN. If the search is successful then the
authentication is performed using the password entered by the user. If the
password is accepted by the LDAP server, then the process of authentication is
completed and the user is unbound from the directory.
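The two transaction sequences described above, side by side, as an added example that is not taken from the manual or from Adder's firmware. The function names, the `"***"` password mask and the sample user `jsmith` are assumptions made for illustration; the filter escaping and the empty-password check are standard client-side safeguards that the manual does not describe.

```python
# Added illustration, not Adder firmware: the LDAP operations the manual
# describes for each "Anonymous Bind" setting. All names are hypothetical.

def escape_filter_value(value):
    """Escape a value for an LDAP search filter (RFC 4515, section 3)."""
    return "".join(
        "\\%02x" % ord(ch) if ch in "\\*()\x00" else ch for ch in value
    )


def plan_login(username, password, base_dn, user_field, anonymous_bind):
    """Return the ordered operations for one login attempt (password masked)."""
    if not username or not password:
        # RFC 4513 5.1.2: a simple bind with a name and an empty password is
        # an "unauthenticated bind" that a server may accept, so stop here.
        raise ValueError("username and password are both required")
    if anonymous_bind:
        first = ("bind", "", "")  # Linux LDAP mode: no name, no password
    else:
        # Active Directory mode: the viewer credentials are binddn/bindpw.
        # A simple bind carries the password unencrypted at the LDAP layer.
        first = ("bind", username, "***")
    search_filter = "(%s=%s)" % (user_field, escape_filter_value(username))
    return [
        first,
        ("search", base_dn, search_filter),
        # The manual does not name the operation used for this step; it is
        # shown here as a generic password check against the entry found.
        ("authenticate", "<entry found by search>", "***"),
        ("unbind",),
    ]


if __name__ == "__main__":
    for anonymous in (False, True):  # constructed sample input
        print("Anonymous Bind =", anonymous)
        for op in plan_login("jsmith", "s3cret", "dc=catxip1000,dc=com",
                             "uid", anonymous):
            print("   ", op)
```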
To get here
1 Using VNC viewer or a browser, log on as the 'admin' user.
2 Click the 'Configure' button in the top right corner.
3 Click the 'LDAP Configuration' option.