LDAP Setup Server window

System Administrator Guide for VSP 5000 Series

Version
90-08-8x
Part Number
MK-98RD9009-13

To open this window, select LDAP in the Select Authentication Server window.



The following table describes the fields and settings used to edit the server information.

Item

Description

Certificate File Name

Specify a certificate file. Click Browse to find the file.

The specified certificate is also used for the secondary server.

DNS Lookup

Specify whether to search for the LDAP server using the information registered in the SRV records in the DNS server.

  • Enable: Do not select the search using information registered in the SRV records in the DNS server.
  • Disable: Select the search using the host name and the port number.

Authentication Protocol

Specify an LDAP protocol to use. Available protocols are as follows.

  • Select LDAP over SSL/TLS
  • Do not select STARTTLS

If you select Enable in DNS Lookup, you cannot select LDAP over SSL/TLS.

External User Group Mapping

Specify whether to connect an authentication server to an authorization server.

  • Enable: Connects an authentication server to an authorization server.
  • Disable: Does not connect an authentication server to an authorization server.

External User Group Mapping - Host Name

Specify a host name of the LDAP server.

ASCII code characters, hyphens (-), and periods (.) can be specified.

If you select Enable in DNS Lookup, this item is disabled.

External User Group Mapping - Port Number

Specify a port number of the LDAP server.

If you select Enable in DNS Lookup, this item is disabled.

External User Group Mapping - Domain Name

Specify a domain name that the LDAP server manages.

You can specify ASCII code characters, hyphens (-), and periods (.).

External User Group Mapping - User Name Attribute

Specify an attribute name to identify a user, such as a user ID.

You can specify ASCII code characters and the following symbols:

! # $ % & ' ( ) * + , - . / : ; < = > ? @ [ \ ] ^ _ ` { | } ~

  • Hierarchical model

    Specify an attribute name where the value that can identify a user is stored.

  • Flat model

    Specify an attribute name for a user entry's RDN.

    sAMAccountName is used for Active Directory.

External User Group Mapping - Timeout

Specify the number of seconds before connection to the LDAP server times out.

External User Group Mapping - Retry Interval

Specify a retry interval in seconds when the connection to the LDAP server fails.

External User Group Mapping - Number of Retries

Specify the number of retries when the connection to the LDAP server fails.

External User Group Mapping - Base DN

Search for users to authenticate by specifying a base DN.

Available characters: Alphanumeric characters (ASCII characters) and all symbols.

  • Hierarchical model: Specify the DN of the hierarchy that includes all of the users targeted by the search.
  • Flat model: Specify the DN of the hierarchy that is one level above the user targeted by the search.

To use symbols such as + ; , < = and > in the basedn field, type a backslash (\) before each symbol. When using multiple symbols, each symbol must have a backslash (\) before it. For example, to enter abc++, type abc\+\+.

To use a backslash (\), forward slash (/), or quotation mark (") in the basedn field, type a backslash (\) followed by the ASCII code in hex for the symbol:
  • Type \5c to enter a backslash (\).
  • Type \2f to enter a forward slash (/).
  • Type \22 to enter a quotation mark (").

External User Group Mapping - Search User's DN

Search for a user by specifying a DN.

Available characters: Alphanumeric characters (ASCII characters) and all symbols.

If you specify sAMAccountName in External User Group Mapping - User Name Attribute, or if you select Enable in External User Group Mapping, this item must be specified.

To use symbols such as + ; , < = and > in the searchdn field, type a backslash (\) before each symbol. When using multiple symbols, each symbol must have a backslash (\) before it. For example, to enter abc++, type abc\+\+.

To use a backslash (\), forward slash (/), or quotation mark (") in the searchdn field, type a backslash (\) followed by the ASCII code in hex for the symbol:
  • Type \5c to enter a backslash (\).
  • Type \2f to enter a forward slash (/).
  • Type \22 to enter a quotation mark (").
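
The escaping rules for the basedn and searchdn fields, as an added example (not part of the original guide or the vendor's code). It escapes each attribute value before joining the RDNs, assuming the commas and equals signs that separate RDNs are structure and stay unescaped; the function names and sample directory values are hypothetical.

```python
# Escaping rules as listed for the basedn and searchdn fields above.
BACKSLASH_PREFIXED = set("+;,<=>")                        # typed as \ + symbol
HEX_ENCODED = {"\\": "\\5c", "/": "\\2f", '"': "\\22"}    # typed as \ + hex code
HEX_DECODED = {v[1:]: k for k, v in HEX_ENCODED.items()}  # "5c" -> "\"


def escape_dn_value(value: str) -> str:
    """Escape one attribute value for the basedn or searchdn field."""
    out = []
    for ch in value:
        if ord(ch) > 127:  # the fields accept ASCII characters only
            raise ValueError(f"non-ASCII character {ch!r} is not accepted")
        if ch in HEX_ENCODED:
            out.append(HEX_ENCODED[ch])
        elif ch in BACKSLASH_PREFIXED:
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)


def unescape_dn_value(escaped: str) -> str:
    """Reverse escape_dn_value; reject a backslash that starts no known escape."""
    out, i = [], 0
    while i < len(escaped):
        ch = escaped[i]
        if ch != "\\":
            out.append(ch)
            i += 1
        elif escaped[i + 1:i + 3].lower() in HEX_DECODED:
            out.append(HEX_DECODED[escaped[i + 1:i + 3].lower()])
            i += 3
        elif escaped[i + 1:i + 2] in BACKSLASH_PREFIXED:
            out.append(escaped[i + 1])
            i += 2
        else:
            raise ValueError(f"invalid escape at offset {i}")
    return "".join(out)


def build_dn(rdns) -> str:
    """Join (attribute, value) pairs, most specific first, into one DN."""
    return ",".join(f"{attr}={escape_dn_value(val)}" for attr, val in rdns)


if __name__ == "__main__":
    # Constructed sample values, not from the guide.
    print(build_dn([("ou", "R+D, Storage"), ("dc", "example"), ("dc", "com")]))
```

Unescaping what was typed and comparing it with the intended value catches a missed backslash before the setting is saved.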

External User Group Mapping - Password

Search for a user by specifying his password. Specify the same password that is registered in the LDAP server.

You can specify ASCII code characters and the following symbols:

! # $ % & ' ( ) * + - . = @ \ ^ _ |

If you specify sAMAccountName in External User Group Mapping - User Name Attribute, or if you select Enable in External User Group Mapping, this item must be specified.

External User Group Mapping - Re-enter Password

Re-enter the password of the user group you are searching for to confirm your entry.

You can specify ASCII code characters and the following symbols:

! # $ % & ' ( ) * + - . = @ \ ^ _ |

If you enter any password in External User Group Mapping - Password, you must specify this item.

Secondary Server

Specify whether to use a secondary LDAP server.

  • Enable: Uses a secondary LDAP server.
  • Disable: Does not use a secondary LDAP server.

If you select Enable in DNS Lookup, this item is disabled.

Secondary Server - Host Name

Specify a host name of the secondary LDAP server.

You can specify ASCII code characters, hyphens (-), and periods (.).

If you select Disable in Secondary Server, this item is disabled.

Secondary Server - Port Number

Specify a port number of the secondary LDAP server.

If you select Disable in Secondary Server, this item is disabled.

Test User Name

Specify a user name for a server connection test.

You can specify ASCII code characters and the following symbols:

! # $ % & ' * + - . / = ? @ ^ _ ` { | } ~

Password

Specify a password of the user name for a server connection test.

You can specify ASCII code characters and the following symbols:

! # $ % & ' ( ) * + , - . / : ; < = > ? @ [ \ ] ^ _ ` { | } ~

Server Configuration Test

Click Check to conduct a server connection test for the authentication server and the authorization server based on the specified settings.

Server Configuration Test - Result

Displays a result of the server connection test for the authentication server and the authorization server.