Ldap group list format and rules – 8e6 Technologies Enterprise Filter Authentication R3000 User Manual
Page 303
Appendix E: User/Group File Format and Rules
File Format: Rules and Examples
8e6 Technologies, R3000 Internet Filter Authentication User Guide, page 289
• LDAP profile for a user with username “Public\, Joe Q.”,
organizational units “Users” and “Sales”, domain “qc”,
DNS suffix “.local”: Block all ports, use minimum filtering
level, use filter mode 1, use standard block page, enable
all filter options.
LDAP Group List Format and Rules
When setting up the “ldapgroupprofile.conf” file, each entry
must consist of the Distinguished Name (DN), with each
part of the DN separated by commas (,). The DN should be
followed by a semicolon (;), and then a rule number or rule
criteria (port, category, and filter mode specifications). A
redirect URL can be included, if a specific URL should be
used in place of the standard block page. If a redirect URL is
not included, a blank space should be entered in its place in
the profile string. Each segment of the profile string
following the semicolon for the DN should be separated by
commas (,). “0x1” should be placed at the end of a profile
string without any filter options enabled. For example:
CN=Sales, CN=Users, DC=qc, DC=local; Rule1, 1, http://www.cnn.com, 0x1
NOTE: The DN format must contain the group name—and, if
applicable—user group "CN" ("common name") attribute type,
and the domain and DNS suffix "DC" ("domain component")
attribute type. The "OU" ("organizational unit") attribute type also
can be included. Each attribute type should be followed by an
equals sign (=), and separated by a comma (,).
When translated, this string of code means:
• LDAP profile for group with ID “Sales”, user group
“Users”, domain “qc”, DNS suffix “.local”: Bypass all
categories, use filter mode 1, use redirect URL
http://www.cnn.com in place of the standard block page, no
filter options enabled.
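The following checker for profile strings of this shape is an added example, not code from the manual or from 8e6 Technologies. It assumes the rule-number form shown above (rule, filter mode, redirect URL, filter options); the function name parse_entry, the http(s)-only redirect check, and the second sample line are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

DN_TYPES = {"CN", "OU", "DC"}  # attribute types named in the manual's NOTE

def parse_entry(line):
    """Parse one profile string: 'DN; rule, filter mode, redirect URL, options'."""
    dn_text, sep, profile = line.partition(";")
    if not sep:
        raise ValueError("missing ';' after the DN")
    dn = []
    # Split the DN on commas, except those escaped as '\,' inside a value.
    for part in re.split(r"(?<!\\),", dn_text):
        attr, eq, value = part.strip().partition("=")
        attr, value = attr.strip().upper(), value.strip().replace("\\,", ",")
        if not eq or attr not in DN_TYPES or not value:
            raise ValueError(f"bad DN component: {part.strip()!r}")
        dn.append((attr, value))
    if not {"CN", "DC"} <= {attr for attr, _ in dn}:
        raise ValueError("DN needs at least one CN and one DC component")
    fields = [f.strip() for f in profile.split(",")]
    if len(fields) != 4:  # assumption: rule-number form, as in the manual's example
        raise ValueError(f"expected 4 segments after ';', got {len(fields)}")
    rule, mode, redirect, options = fields
    if not rule or not mode.isdigit():
        raise ValueError(f"bad rule or filter mode: {rule!r}, {mode!r}")
    if not re.fullmatch(r"0x[0-9A-Fa-f]+", options):
        raise ValueError(f"filter options must be hex like 0x1: {options!r}")
    # Added lint (assumption): a redirect, when present, must be an http(s) URL.
    if redirect and urlsplit(redirect).scheme not in ("http", "https"):
        raise ValueError(f"redirect is not an http(s) URL: {redirect!r}")
    return {
        "dn": dn,
        "domain": ".".join(v for a, v in dn if a == "DC"),
        "rule": rule,
        "filter_mode": int(mode),
        "redirect": redirect or None,  # blank segment: standard block page
        "options": int(options, 16),   # 0x1: no filter options enabled
    }

# Constructed sample lines: the manual's example and an escaped-comma DN.
SAMPLES = [
    "CN=Sales, CN=Users, DC=qc, DC=local; Rule1, 1, http://www.cnn.com, 0x1",
    r"CN=Public\, Joe Q., OU=Users, OU=Sales, DC=qc, DC=local; Rule1, 1, , 0x1",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(parse_entry(sample))
```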