LDAP Parameters (page 5-35) – Western Telematic AFS-16-1 User Manual


Basic Configuration

5.9.8. LDAP Parameters
The AFS-16 supports LDAP (Lightweight Directory Access Protocol), which allows
authentication via the "Active Directory" network Directory Service. When LDAP is
enabled and properly configured, command access rights can be granted to new users
without the need to define individual new accounts at each AFS-16 unit, and existing
users can also be removed without the need to delete the account from each
AFS-16 unit. This type of authentication also allows administrators to assign users
to LDAP groups, and then specify which circuits the members of each group will be
allowed to control at each AFS-16 unit.

In order to apply the LDAP feature, you must first define User Names and associated
Passwords and group membership via your LDAP server, and then access the AFS-16
command mode to enable and configure the LDAP settings and define port access
rights and command access rights for each group that you have specified at the LDAP
server. Note that in order to access the LDAP Parameters menu, you must log in to
AFS-16 command mode using a password that permits Administrator level commands.

Notes:

• Circuit access rights are not defined at the LDAP server. They are defined via
the LDAP Group configuration menu on each AFS-16 unit and are specific to
that AFS-16 unit alone.

• When LDAP is enabled and properly configured, LDAP authentication will
supersede any passwords and access rights that have been defined via the
AFS-16 user directory.

• If no LDAP groups are defined on a given AFS-16 unit, then access rights will
be determined as specified by the "default" LDAP group.

• The "default" LDAP group cannot be deleted.

The LDAP Parameters Menu allows the following parameters to be defined:

Enable: Enables/disables LDAP authentication. (Default = Off.)

Primary Host: Defines the IP address or domain name (up to 64 characters) for
the primary LDAP server. (Default = undefined.)

Secondary Host: Defines the IP address or domain name (up to 64 characters) for
the secondary (fallback) LDAP server. (Default = undefined.)

LDAP Port: Defines the port that will be used to communicate with the LDAP
server. (Default = 389.)

TLS/SSL: Enables/Disables TLS/SSL encryption. Note that when TLS/SSL
encryption is enabled, the LDAP Port should be set to 636. (Default = Off.)

Bind Type: Sets the LDAP bind request password type. Note that in the Text
Interface, when the Bind Type is set to "Kerberos" LDAP, the menu will include an
additional prompt (item 14) that is used to select Kerberos parameters as described
in Section 5.9.8.5. In the Web Interface, the button which is used to access the
Kerberos Parameters menu is located at the bottom of the LDAP Parameters Menu.
(Default = Simple.)

Search Bind DN: Selects the user name who is allowed to search the LDAP
directory. (Default = undefined.)
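The following is an added example, not code from the WTI manual or the AFS-16 firmware: it DER-encodes and decodes the LDAPv3 simple BindRequest (RFC 4511) that a unit configured with Bind Type = Simple sends to its Primary Host, which makes concrete why the TLS/SSL setting (with LDAP Port 636) matters. The DN and password values are constructed for illustration; the parser is the kind of check a network sensor uses to alert on cleartext binds on port 389.

```python
# Added example, not the manual's own code: DER-encode and decode an LDAPv3
# simple BindRequest; with TLS/SSL off, it carries the bind password verbatim.

def _ber_len(n: int) -> bytes:
    """DER length: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def _tlv(tag: int, payload: bytes) -> bytes:
    return bytes([tag]) + _ber_len(len(payload)) + payload

def _integer(value: int) -> bytes:
    body = value.to_bytes(max(1, (value.bit_length() + 8) // 8), "big", signed=True)
    return _tlv(0x02, body)

def simple_bind_request(message_id: int, bind_dn: str, password: str) -> bytes:
    """LDAPMessage { messageID, [APPLICATION 0] BindRequest { 3, name, simple [0] } }."""
    bind = (_integer(3)                          # version
            + _tlv(0x04, bind_dn.encode())       # name: LDAPDN as OCTET STRING
            + _tlv(0x80, password.encode()))     # authentication: simple [0]
    return _tlv(0x30, _integer(message_id) + _tlv(0x60, bind))

def _read_tlv(buf: bytes, pos: int):
    """Return (tag, value, next_pos) for the TLV that starts at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                            # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def parse_simple_bind(msg: bytes):
    """Recover (message_id, version, dn, password) from a simple bind, or None.
    A passive sensor on port 389 sees exactly this when TLS/SSL is off; the
    defensive use is to alert on cleartext binds, not to harvest them."""
    tag, body, _ = _read_tlv(msg, 0)
    if tag != 0x30:
        return None
    _, mid, pos = _read_tlv(body, 0)
    tag, bind, _ = _read_tlv(body, pos)
    if tag != 0x60:
        return None
    _, ver, pos = _read_tlv(bind, 0)
    _, dn, pos = _read_tlv(bind, pos)
    tag, cred, _ = _read_tlv(bind, pos)
    if tag != 0x80:                              # SASL/Kerberos binds use [3]
        return None
    return (int.from_bytes(mid, "big", signed=True), int.from_bytes(ver, "big"),
            dn.decode(), cred.decode())
```

The anonymous bind `simple_bind_request(1, "", "")` encodes to the familiar 14-byte sequence `300c020101600702010304008000`; a Kerberos bind type on the AFS-16 would use the SASL choice instead and the parser returns None for it.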