Adding LDAP Groups – Western Telematic AFS-16-1 User Manual

Basic Configuration

Search Bind Password: Sets the Password for the user who is allowed to search the LDAP directory. (Default = undefined.)

User Search Base DN: Sets the directory location for user searches. (Default = undefined.)

User Search Filter: Selects the attribute that lists the user name. Note that this attribute should always end with "=%S" (no quotes.) (Default = undefined.)

Group Membership Attribute: Selects the attribute that lists group membership(s). (Default = undefined.)

Group Membership Value Type: (Default = DN.)

Fallback: Enables/Disables the LDAP fallback feature. When enabled, the AFS-16 will revert to its own internal user directory (see Section 5.5) if no defined users are found via the LDAP server. In this case, port access rights will then be granted as specified in the default LDAP group. (Default = Off.)

LDAP Group Setup: Provides access to a submenu, which is used to define LDAP Groups as described in Sections 5.9.8.1 through 5.9.8.4.

LDAP Kerberos Setup: Provides access to the Kerberos Setup menu as described in Section 5.9.8.5. When the Bind Type is set to "Kerberos", the Kerberos Setup menu is used to select Kerberos parameters. In the Text Interface, the link to the Kerberos Setup menu will not be displayed unless the Bind Type is set to Kerberos.

5.9.8.1. Adding LDAP Groups
Once you have defined several users and passwords via your LDAP server, and
assigned those users to LDAP Groups, you must then grant access rights to each LDAP
Group at each AFS-16 unit. In order to add LDAP groups, you must log in to command
mode using a password that permits access to Administrator level commands. The Add
LDAP Group menu allows the following parameters to be defined:

Group Name: Note that this name must match the LDAP Group names that you have assigned to users at your LDAP server. (Default = undefined.)

Access Level: Sets the command access level. For more information, please refer to Section 5.4.1. (Default = User.)

Circuit Access: This item is used to select the AFS-16 Circuit Modules that members of this LDAP group will be allowed to connect. (Default = All Circuits Off.)

Circuit Group Access: This item is used to determine which Circuit Groups the members of this LDAP Group will be allowed to control. (Default = undefined.)

Service Access: This item determines how members of this LDAP Group will be allowed to access command mode and whether or not they will be able to create outbound Telnet connections. The Service Access parameter is used to allow members of this LDAP group to access command mode via Serial Port, Telnet/SSH or any combination thereof, and also enables/disables Outbound Telnet. (Default; Serial Port = On, Telnet/SSH = On, Outbound Access = Off.)

Note: After you have defined LDAP Group parameters, make certain to save
the changes before proceeding. In the Web Browser Interface, click on the
"Add LDAP Group" button to save parameters; in the Text Interface, press the
[Esc] key several times until the "Saving Configuration" message is displayed.
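
Example (added here; not part of the WTI manual and not AFS-16 firmware code): a Python sketch of how a User Search Filter ending in "=%S" can be expanded for a login name, and how DN-type group membership values reduce to the Group Name that must match an LDAP Group defined on the unit. The function names, the sample directory values, the surrounding parentheses and the exact-match comparison are assumptions made for illustration.

```python
# Added illustration: models the settings described above; not AFS-16 firmware.

def escape_filter_value(value: str) -> str:
    """Escape filter metacharacters (RFC 4515) so they are matched literally."""
    return ''.join('\\%02x' % ord(c) if c in '\\*()\x00' else c for c in value)

def build_user_filter(template: str, username: str) -> str:
    """Expand a User Search Filter such as 'sAMAccountName=%S'."""
    if not template.endswith('=%S'):
        raise ValueError('User Search Filter must end with "=%S"')
    return '(' + template[:-2] + escape_filter_value(username) + ')'

def group_name_from_dn(dn: str) -> str:
    """Value of the first RDN: 'CN=NetAdmins,OU=Groups,...' -> 'NetAdmins'.
    Handles simple backslash escapes such as '\\,' only."""
    rdn, i = [], 0
    while i < len(dn) and dn[i] != ',':
        if dn[i] == '\\' and i + 1 < len(dn):
            i += 1                      # keep the escaped character itself
        rdn.append(dn[i])
        i += 1
    return ''.join(rdn).partition('=')[2].strip()

def resolve_groups(member_values, value_type, configured):
    """Names of configured LDAP Groups that the user's membership values match.
    Exact, case-sensitive comparison is an assumption of this sketch, as is
    treating any value type other than 'DN' as a plain group name."""
    names = [group_name_from_dn(v) if value_type == 'DN' else v
             for v in member_values]
    return [n for n in names if n in configured]

# Constructed sample data (not taken from the manual).
CONFIGURED = {'NetAdmins': {'access_level': 'Administrator'},
              'Operators': {'access_level': 'User'}}
MEMBER_OF = ['CN=NetAdmins,OU=Groups,DC=example,DC=com',
             'CN=Mail Users,OU=Groups,DC=example,DC=com']

if __name__ == '__main__':
    print(build_user_filter('sAMAccountName=%S', 'j.smith(ops)'))
    print(resolve_groups(MEMBER_OF, 'DN', CONFIGURED))
```

A user whose membership values match none of the Group Names defined on the unit resolves to an empty list here, which is why the Group Name must match the name used at the LDAP server.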