Services deployment considerations – Brocade Mobility Access Point System Reference Guide (Supporting software release 5.5.0.0 and later) User Manual
53-1003100-01
28. Set the following Attributes for LDAP groups to optimally refine group queries:
29. Select the OK button to save the changes to the LDAP server configuration. Select Reset to
revert to the last saved configuration.
Services Deployment Considerations
Before defining the access point’s configuration using the Services menu, refer to the following
deployment guidelines to ensure the configuration is optimally effective:
• Brocade recommends each RADIUS client use a different shared secret password. If a shared
secret is compromised, only the one client poses a risk, as opposed to all the additional clients
that potentially share that secret password.
• Consider using an LDAP server as a database of user credentials that can be used optionally
with the RADIUS server to free up resources and manage user credentials from a secure
remote location.
• Designating at least one secondary server is a good practice to ensure RADIUS user
information is available if a primary server were to become unavailable.
Base DN: Specify a distinguished name (DN) that establishes the base object for the search. The base object is the point in the LDAP tree at which to start searching. LDAP DNs begin with the most specific attribute (usually some sort of name), and continue with progressively broader attributes, often ending with a country attribute. The first component of the DN is referred to as the Relative Distinguished Name (RDN). The RDN identifies an entry distinctly from any other entries that have the same parent.
Bind Password: Enter a valid password for the LDAP server. Select the Show check box to expose the password's actual character string. Leave the option unselected to display the password as a string of asterisks (*). The password cannot exceed 32 characters.
Password Attribute: Enter the LDAP server password attribute. The password cannot exceed 64 characters.
Group Attribute: LDAP systems have the facility to poll dynamic groups. In an LDAP dynamic group, an administrator can specify search criteria. All users matching the search criteria are considered a member of this dynamic group. Specify a group attribute used by the LDAP server. An attribute could be a group name, group ID, password or group membership name.
Group Filter: Specify the group filters used by the LDAP server. The group filter is typically used for security role-to-group assignments and specifies the property to look up groups in the directory service.
Group Membership Attribute: Specify the group member attribute sent to the LDAP server when authenticating users.
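The Base DN entry above describes a DN as running from its RDN to progressively broader attributes. The following added example (not from the Brocade guide) splits a DN into its components and checks whether an entry falls under a configured base DN. The sample DNs, the function names and the case-insensitive comparison are assumptions made for illustration.

```python
# Added example: split an LDAP DN into RDNs and test it against a base DN.
# All DNs below are constructed sample values.

def trim_spaces(s):
    """Drop unescaped spaces around a component; keep an escaped trailing space."""
    s = s.lstrip(" ")
    while s.endswith(" ") and not s.endswith("\\ "):
        s = s[:-1]
    return s

def split_dn(dn):
    """Split a DN into RDNs, most specific first, honouring backslash escapes."""
    rdns, current, i = [], [], 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            current.append(dn[i:i + 2])  # keep an escaped pair such as "\," intact
            i += 2
            continue
        if dn[i] == ",":                 # unescaped comma separates components
            rdns.append(trim_spaces("".join(current)))
            current = []
        else:
            current.append(dn[i])
        i += 1
    rdns.append(trim_spaces("".join(current)))
    return [r for r in rdns if r]

def normalize(rdn):
    """Assumption: attribute types and values compare case-insensitively."""
    attr, _, value = rdn.partition("=")
    return (attr.strip().lower(), value.strip().lower())

def rdn_of(dn):
    """Return the first component of the DN, its Relative Distinguished Name."""
    return split_dn(dn)[0]

def is_under_base(entry_dn, base_dn):
    """True if entry_dn is the base object or sits beneath it in the tree."""
    entry = [normalize(r) for r in split_dn(entry_dn)]
    base = [normalize(r) for r in split_dn(base_dn)]
    # An empty base is rejected here rather than treated as "match everything".
    return bool(base) and len(entry) >= len(base) and entry[-len(base):] == base

BASE_DN = "ou=Staff,dc=example,dc=com"                   # constructed
USER_DN = "cn=Smith\\, Jane,ou=Staff,dc=example,dc=com"  # constructed, escaped comma
OTHER_DN = "cn=guest,ou=Contractors,dc=example,dc=com"   # constructed

if __name__ == "__main__":
    for dn in (USER_DN, OTHER_DN):
        print(rdn_of(dn), "->", is_under_base(dn, BASE_DN))
```

A base DN that is broader than intended widens the set of entries the search can return, so checking sample user DNs against it before saving the configuration is a cheap sanity test.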