Fetching crls from an alternate ldap server, Setting up an ldap server – D-Link DFL-2500 User Manual

message includes the two IP addresses as well as the client identity.

Optionally, the affected SA can be automatically deleted if validation fails by enabling the advanced
setting IPsecDeleteSAOnIPValidationFailure. The default value for this setting is Disabled.

9.4.4. Fetching CRLs from an alternate LDAP server

An X.509 root certificate usually includes the IP address or hostname of the Certificate Authority to
contact when certificates or Certificate Revocation Lists need to be downloaded to the D-Link
Firewall. Lightweight Directory Access Protocol (LDAP) is used for these downloads.

However, in some scenarios, this information is missing, or the administrator wishes to use another
LDAP server. The LDAP configuration section can then be used to manually specify alternate
LDAP servers.

Example 9.9. Setting up an LDAP server

This example shows how to manually setup and specify a LDAP server.

CLI

gw-world:/> add LDAPServer Host=192.168.101.146 Username=myusername

Password=mypassword Port=389

Web Interface

1.

Go to Objects > VPN Objects > LDAP > Add > LDAP Server

2.

Now enter:

•

IP Address: 192.168.101.146

•

Username: myusername

•

Password: mypassword

•

Confirm Password: mypassword

•

Port: 389

3.

Click OK

9.4.4. Fetching CRLs from an alternate
LDAP server

Chapter 9. VPN

259