Table 3-8 LDAP Authentication (continued)
Callout | Area on the screen | Information or capability that the area provides |
|
|
|
2 | LDAP Server Bind | The LDAP Server Bind Method setting determines how the device will access the |
| Method | LDAP server. Contact your LDAP server administrator to determine which method |
|
| will work best for you. |
|
| ● Simple - The selected LDAP server does not support encryption. Note that the |
|
| password, if any, will be sent unencrypted across the network. |
|
| ● Simple over SSL - The selected LDAP server supports encryption using the |
|
| Secure Sockets Layer (SSL) protocol. All data, including the username and |
|
| password, will be encrypted. The LDAP server must be set up to support SSL, |
|
| including configuring a certificate that establishes its identity. |
|
| Also, the device network interface must be configured with a Certificate Authority |
|
| (CA) certificate to validate the LDAP server. The CA certificate is configured on |
|
| the Networking tab of the Web interface. In some LDAP server configurations, |
|
| a client certificate is also required and is configured on the same Networking |
|
| tab. |
|
|
|
3 | LDAP Server | The LDAP Server setting is the host name or IP address of the LDAP server to be |
|
| used to authenticate device users. When using SSL, the name or address typed here |
|
| must match the name in the certificate that the server sends. |
|
| Multiple servers can be included in this field by separating their addresses with a |
|
| vertical bar ('', ASCII 0x7c) character. This feature can be used, for example, to |
|
| specify primary and backup servers. The network interface only supports a single |
|
| Certificate Authority (CA) certificate, so all the LDAP servers in the list must use the |
|
| same CA. |
|
|
|
4 | Port | The Port setting refers to the TCP/IP port number on which the server is processing |
|
| LDAP requests. Typically, this is port 389 for Simple binds or 636 for Simple over SSL |
|
| binds. |
|
|
|
5 | Use Device User's | The Use Device User's Credentials method uses the Bind Prefix, the string that the |
| Credentials | user enters at the control panel, and the Bind and Search Root to construct the User |
|
| DN. The constructed User DN is used to authenticate the user. |
|
| The Bind Prefix setting is the LDAP attribute used to construct the user's |
|
| Distinguished Name (DN) for authentication. This prefix is combined with the |
|
| username typed at the control panel to form the Relative Distinguished Name (RDN). |
|
| Commonly used prefixes are "CN" (for common name) or "UID" (for user identity). |
|
|
|
6 | Use LDAP | Use Administrator’s Credentials attempts to search for the user’s DN instead of trying |
| Administrator's | to construct it. |
| Credentials | The Administrator DN is the DN (Distinguished Name) of a user who has read access |
|
| |
|
| to the LDAP directory. The account entered here does not have to have administrative |
|
| access to the directory. Read access is sufficient. |
|
| The Administrator Password is the password of the user whose user DN was entered |
|
| in the Administrator DN field. |
|
|
|
7 | Bind and search Root | When the Use Device User’s Credentials method is selected, the Bind and Search |
|
| Root value is used during both phases of authentication. During the credential |
|
| verification phase, this value is combined with the RDN to construct the full |
Distinguished Name (DN) of the user. During the user information searching phase, this value is the DN of the LDAP entry where the search begins.
When the Use LDAP Administrator's Credentials method is selected, the Bind and Search Root is only used as a search root. The Search Root of the base of the LDAP directory can be specified, and the device will search the entire LDAP tree for the user object corresponding to the username entered at the device.
Settings
ENWW | LDAP Authentication 43 |