NETGEAR SSL312 manual Ldap Attribute Rules, Sample Ldap Users and Attributes Settings


NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual

LDAP Attribute Rules

If multiple attributes are defined for a group, ALL attributes must be met by LDAP users.

If no attributes are defined, then any user authorized by the LDAP server can be a member of the group.

If multiple groups are defined and a user meets all the LDAP attributes for two groups, then the user will be considered part of the group with the most LDAP attributes defined. If the matching LDAP groups have an equal number of attributes, then the user will be considered a member of the group based on the alphabetical order of the groups.

If an LDAP user fails to meet the LDAP attributes for all LDAP groups configured on the SSL VPN Concentrator, then the user will not be able to log into the portal. So the LDAP attributes feature not only allows the administrator to create individual rules based on the LDAP group or organization, it also allows the administrator to restrict portal login to certain LDAP users.

Sample LDAP Users and Attributes Settings

If a user is manually added to an LDAP group, then the user setting will take precedence over LDAP attributes.

For example:

An LDAP attribute objectClass="Person" is defined for group Group1 and an LDAP attribute memberOf="CN=WINS Users,DC=netgearnetworks,DC=net" is defined for Group2.

If user Jane is defined by an LDAP server as a member of the Person object class, but is NOT a member of the WINS Users group, Jane will be a member of the SSL VPN Concentrator Group1.

But if the administrator manually adds the user Jane to the SSL VPN Concentrator Group2, then the LDAP attributes will be ignored and Jane will be a member of Group2.
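The attribute rules and the manual-membership precedence described above, worked through as an added Python example (this is not code from the NETGEAR manual or firmware). The names Group, matches and resolve_group are hypothetical, and the example assumes case-insensitive comparison and that the alphabetically first group wins a tie.

```python
from dataclasses import dataclass, field

@dataclass
class Group:
    name: str
    rules: list = field(default_factory=list)         # (attribute, value) pairs
    manual_members: set = field(default_factory=set)  # users added by hand

def _norm(s):
    # Assumption: attribute names and values compare case-insensitively.
    return s.strip().casefold()

def matches(group, user_attrs):
    """True when the user meets ALL rules; a group with no rules matches anyone."""
    have = {_norm(k): {_norm(v) for v in vals} for k, vals in user_attrs.items()}
    return all(_norm(v) in have.get(_norm(a), set()) for a, v in group.rules)

def resolve_group(user, user_attrs, groups):
    """Group name for an LDAP-authenticated user, or None (portal login refused)."""
    # Manual membership takes precedence over LDAP attributes.
    for g in sorted(groups, key=lambda g: g.name):
        if user in g.manual_members:
            return g.name
    candidates = [g for g in groups if matches(g, user_attrs)]
    if not candidates:
        return None
    # Most attributes defined wins; ties fall back to alphabetical order
    # (assumed here: the first name in that order).
    return min(candidates, key=lambda g: (-len(g.rules), g.name)).name

# Constructed sample data mirroring the Jane example in the text.
WINS = "CN=WINS Users,DC=netgearnetworks,DC=net"
GROUPS = [
    Group("Group1", [("objectClass", "Person")]),
    Group("Group2", [("memberOf", WINS)]),
]
JANE = {"objectClass": ["top", "person"], "memberOf": []}

if __name__ == "__main__":
    print(resolve_group("jane", JANE, GROUPS))
```

Running the same resolution over every account returned by a directory query shows which users would land in an unexpected group, or in none, before a rule change is applied on the appliance.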

Querying an LDAP Server

If you would like to query your LDAP or Active Directory server to find out the LDAP attributes of your users, there are several different methods. From a machine with LDAPsearch tools (for example a Linux machine with OpenLDAP installed) run the following command:

ldapsearch -h 10.0.0.5 -x -D "cn=demo,cn=users,dc=netgearnetworks,dc=net" -w demo123 -b "dc=netgearnetworks,dc=net" > /tmp/file

Group and User Access Policies


v1.0, August 2006
