
Amer Networks E5Web GUI User Manual

Page 528


LDAP Issues

Unfortunately, setting up LDAP authentication may not be as simple as, for example, RADIUS
setup. Careful consideration of the parameters used in defining the LDAP server to cOS Core is
required. There are a number of issues that can cause problems:

LDAP servers differ in their implementation. cOS Core provides a flexible way of configuring
an LDAP server and some configuration options may have to be changed depending on the
LDAP server software.

Authentication of PPTP or L2TP clients may require some administrative changes to the LDAP
server and this is discussed later.

Microsoft Active Directory as the LDAP Server

A Microsoft Active Directory can be configured in cOS Core as an LDAP server. One option in the
cOS Core LDAP server setup requires special consideration with Active Directory: the Name
Attribute. This should be set to SAMAccountName.

Due to LDAP protocol limitations, an LDAP user group that is set as a user's primary group cannot be
retrieved by cOS Core from the Microsoft LDAP server and therefore cannot be used in security policies.

Defining an LDAP Server

One or more named LDAP server objects can be defined in cOS Core. These objects tell cOS Core
which LDAP servers are available and how to access them.

Defining an LDAP server to cOS Core is sometimes not straightforward because some LDAP
server software may not follow the LDAP specifications exactly. It is also possible that an LDAP
administrator has modified the server LDAP schema so that an LDAP attribute has been renamed.

LDAP Attributes

To fully understand LDAP setup, it is important to note that some setup values are LDAP attributes.
These are:

The Name attribute.

The Membership attribute.

The Password attribute.

An LDAP attribute is a tuple (a pair of data values) consisting of an attribute name (in this manual
we will call this the attribute ID to avoid confusion) and an attribute value. An example might be a
tuple for a username attribute that has an ID of username and a value of Smith.

These attributes can be used in different ways and their meaning to the LDAP server is usually
defined by the server's database schema. The database schema can usually be changed by the
server administrator to alter the attributes.
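The following is an added example, not code from the manual or from cOS Core, that models how an authenticator resolves a user by a configurable Name attribute and reads groups from a Membership attribute. The directory entry is constructed sample data in LDIF form; it shows why the Name attribute must be SAMAccountName for Active Directory and why the primary group is missing from the membership list.

```python
# Added example (not from the Amer Networks manual or cOS Core). The LDIF
# entry below is constructed sample data resembling an Active Directory user.
from typing import Dict, List, Optional

Entry = Dict[str, List[str]]

SAMPLE_LDIF = """\
dn: CN=John Smith,CN=Users,DC=example,DC=com
objectClass: user
cn: John Smith
sAMAccountName: jsmith
userPrincipalName: jsmith@example.com
memberOf: CN=VPN-Users,CN=Users,DC=example,DC=com
memberOf: CN=Admins,CN=Users,DC=example,DC=com
primaryGroupID: 513
"""
# Note: the primary group (RID 513, Domain Users) is stored as primaryGroupID,
# not as a memberOf value, so a membership-attribute lookup never returns it.

def parse_ldif(text: str) -> List[Entry]:
    """Parse simple LDIF into entries mapping attribute ID -> list of values."""
    entries: List[Entry] = []
    current: Entry = {}
    for line in text.splitlines():
        if not line.strip():            # blank line separates entries
            if current:
                entries.append(current)
                current = {}
            continue
        attr_id, _, value = line.partition(":")
        current.setdefault(attr_id.strip(), []).append(value.strip())
    if current:
        entries.append(current)
    return entries

def find_user(entries: List[Entry], name_attr: str, username: str) -> Optional[Entry]:
    """Return the entry whose configured Name attribute equals the login name
    (case-insensitive, as Active Directory compares sAMAccountName)."""
    for entry in entries:
        if any(v.lower() == username.lower() for v in entry.get(name_attr, [])):
            return entry
    return None

def group_names(entry: Entry, membership_attr: str) -> List[str]:
    """Extract the group CN from each DN held in the Membership attribute."""
    names = []
    for dn in entry.get(membership_attr, []):
        rdn = dn.split(",", 1)[0]        # e.g. "CN=VPN-Users"
        names.append(rdn.split("=", 1)[1])
    return names
```

With the Name attribute left at cn, a login of "jsmith" finds no entry; with sAMAccountName it does, and the returned groups are only those listed in memberOf.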

General Settings

The following general parameters are used for configuration of each server:

Chapter 8: User Authentication

528
