Black Box iCompel ICOMP-ICC User Manual page 141

Caution: Do not use LDAP to control security for the iCC unless you have expertise with LDAP implementations. LDAP is
a powerful technology and enabling a misconceived configuration can make the iCC unusable.
Before beginning to configure security for the iCC using the options on the LDAP and LDAP Expert tabs, read through the
guidance that follows. When you have completed your configuration, click on the LDAP Tests tab to test it before rebooting
the iCC (see LDAP Tests
To begin with, it is important to understand the difference between the iCC and the LDAP security models:
The basic iCC security model prevents access to system features unless a user is authenticated and has explicit
l
permissions.
In the LDAP security model, a user is considered to have permission if an LDAP filter matches entries in the directory.
l
Typically, an LDAP filter establishes that a user is a member of a group.
Caution: If you use LDAP, the authentication method switches to HTTP Basic authentication (passwords are not
encrypted). If this is a concern, communicate over HTTPS.
What follows is guidance for completing each of the fields on the LDAP tab:
Configuration
l
Fallback User
l
Bind
l
FTP User
l
HTTP User
l
HTTP Permissions
l
Ad Hoc Users
l
Configuration:
You must check the Enable LDAP box to allow the iCC to use LDAP.
You must enter the Primary LDAP Server hostname and port and choose the Server Encryption.
The Server Encryption types are:
None – No encryption (passwords are sent in clear text) (standard LDAP port is 389).
l
SSL – The iCC encrypts all communications with the LDAP server using SSL (standard LDAP port is 636).
l
TLS – The iCC encrypts all communications with the LDAP server using TLS (standard LDAP port is 389).
l
The Certification Authority (CA) Certificate is required when SSL or TLS encryption is used. The certificate is required to be in
PEM format.
®
Note: Microsoft Active Directory
configuration of the Active Directory server.
Fallback User:
The fallback user can always login to the iCC and perform management tasks, even when LDAP authentication is not working.
Enter the username and password that you wish to use to manage the iCC in the event of problems with the LDAP setup.
Recommendation: Use a very strong password for the fallback user password.
for details).
®
does not support LDAP over TLS and by default LDAP requires additional
iCOMPEL Content Commander User Guide
141