beautypg.com

To for, Where, Is the user account name – RSA Security 6.1 User Manual

Page 100: Is the rsa passcode associated with the user, and, Is the user’s cached password

background image

88

Using the LDAP Configuration Interface

September 2005

Figure 29

LDAP Schema (Slide 4 of 4)

While the LDAP virtual schema diagram shows as much of the detail of the
LDAP virtual schema as possible, the following rules and limitations should be
considered.

X

Bind request – All attempts to perform operations on the virtual schema
must be preceded by an LDAP Bind request that authenticates the
administrator to the RSA RADIUS Server. The Bind request must reference
an RSA RADIUS Server administrative account and must provide the
password that authenticates that account. This translates into the following
command line options for each invocation of the LDAP utilities:

-D "cn=username,o=radius" -w { passcode | cachedPW }

where

username

is the user account name,

passcode

is the RSA passcode

associated with the user, and

cachedPW

is the user’s cached password.

X

Uppercase and lowercase – The uppercase/lowercase rules for object
names are the same as in the RSA RADIUS Administrator application;
almost all object names are stored in the database in uppercase format.

X

Attributes – The LDAP virtual schema diagram does not explicitly list all the
dictionary attributes that are available in the latest version of
RSA RADIUS Server. The rules for entering dictionary attributes are that the
attribute name must match the name found in the dictionary and the syntax
type determines what is allowed for the attribute's value.

nasname=

radiusstatus=
acct_stats_by_nas

nasipaddr=

radiusstatus=
acct_stats_by_nasipaddr

cn=

Available Attributes:
dn
version
threads
connection
currentconnections
totalconnections
dtablesize
writewaiters
readwaiters
opsinitiated
opscompleted
entriessent
bytessent
currenttime

Available Attributes:
nasname
nasipaddr start
stop
interim
on
off
invalid-shared-secret