beautypg.com

Amer Networks E5Web GUI User Manual

Page 531

background image

Base Object

Defines where in the LDAP server tree search for user accounts shall begin.

The users defined on an LDAP server database are organized into a tree structure. The Base
Object specifies where in this tree the relevant users are located. Specifying the Base Object
has the effect of speeding up the search of the LDAP tree since only users under the Base
Object will be examined.

Important: The Base Object must be specified correctly

If the Base Object is specified incorrectly then this can mean that a user will not be
found and authenticated if they are not in the part of the tree below the Base Object.
The recommended option is therefore to initially specify the Base Object as the root
of the tree.

The Base Object is specified as a common separated domainComponent (DC) set. If the full
domain name is myldapserver.local.eu.com and this is the Base Object then this is specified as:

DC=myldapserver,DC=local,DC=eu,DC=com

The username search will now begin at the root of the myldapserver tree.

Administrator Account

The LDAP server will require that the user establishing a connection to do a search has
administrator privileges. The Administration Account specifies the administrator username.
This username may be requested by the server in a special format in the same way as
described previously with Use Domain Name.

Password/Confirm Password

The password for the administrator account which was specified above.

Domain Name

The Domain Name is used when formatting usernames. This is the first part of the full domain
name. In the examples above, the Domain Name is myldapserver. The full domain name is a
dot separated set of labels, for example, myldapserver.local.eu.com.

This option is only available if the Server Type is NOT set to Other.

This option can be left empty but is required if the LDAP server requires the domain name
when performing a bind request.

Optional Settings

There is one optional setting:

Password Attribute

The password attribute specifies the ID of the tuple on the LDAP server that contains the
user's password. The default ID is userPassword.

This option should be left empty unless the LDAP server is being used to authenticate users
connecting via PPP with CHAP, MS-CHAPv1, MS-CHAPv2 or when using SSL VPN.

When it is used, it determines the ID of the data field in the LDAP server database which

Chapter 8: User Authentication

531

This manual is related to the following products:
See also other documents in the category Amer Networks Computer Accessories: