Normal ldap authentication – Amer Networks E5Web GUI User Manual

•

Total number of invalid usernames.

•

Total number of invalid password.

LDAP Authentication CLI Commands

The CLI objects that correspond to LDAP servers used for authentication are called
LDAPDatabase objects (LDAP servers used for certificate lookup are known as LDAPServer objects
in the CLI).

A specific LDAP server that is defined in cOS Core for authentication can be shown with the
command:

Device:/> show LDAPDatabase

The entire contents of the database can be displayed with the command:

Device:/> show LDAPDatabase

LDAP Authentication and PPP

When using a PPP based client for PPTP or L2TP access, special consideration has to be taken if
LDAP authentication is to succeed with CHAP, MS-CHAPv1 or MS-CHAPv2 encryption. The two
cases of (A) normal PPP authentication and (B) PPP with encryption are examined next.

A. Normal LDAP Authentication

Normal LDAP authentication for Webauth, XAuth, or PPP with PAP security is illustrated in the
diagram below. An authentication bind request with the username and password is sent to the
LDAP server which then performs the authentication and sends back a bind response with the
result.

Figure 8.1. Normal LDAP Authentication

The processing is different if a group membership is being retrieved since a request is sent to the
LDAP server to search for memberships and any group memberships are then sent back in the
response.

Chapter 8: User Authentication

533