Normal ldap authentication – Amer Networks E5Web GUI User Manual
Page 533

•
Total number of invalid usernames.
•
Total number of invalid password.
LDAP Authentication CLI Commands
The CLI objects that correspond to LDAP servers used for authentication are called
LDAPDatabase objects (LDAP servers used for certificate lookup are known as LDAPServer objects
in the CLI).
A specific LDAP server that is defined in cOS Core for authentication can be shown with the
command:
Device:/> show LDAPDatabase
The entire contents of the database can be displayed with the command:
Device:/> show LDAPDatabase
LDAP Authentication and PPP
When using a PPP based client for PPTP or L2TP access, special consideration has to be taken if
LDAP authentication is to succeed with CHAP, MS-CHAPv1 or MS-CHAPv2 encryption. The two
cases of (A) normal PPP authentication and (B) PPP with encryption are examined next.
A. Normal LDAP Authentication
Normal LDAP authentication for Webauth, XAuth, or PPP with PAP security is illustrated in the
diagram below. An authentication bind request with the username and password is sent to the
LDAP server which then performs the authentication and sends back a bind response with the
result.
Figure 8.1. Normal LDAP Authentication
The processing is different if a group membership is being retrieved since a request is sent to the
LDAP server to search for memberships and any group memberships are then sent back in the
response.
Chapter 8: User Authentication
533