Chapter 3
Using the local LDAP database only
When you run the Setup utility, you are not required to configure an external
LDAP or RADIUS database to manage user authentication. Instead, you can
use the default authentication mechanism, which is the 3-DNS Controller’s
local LDAP database. In this case, the local LDAP database manages not
only authorization for your 3-DNS users, but also authentication. All users
subsequently attempting to log on to a 3-DNS Controller must enter a user
name and password, which are checked against user data stored in the local
database. If the user name and password are found and verified in that
database, the user is authenticated.
Configuring the unit to use an external LDAP or RADIUS server
When you run the Setup utility, you can configure an external (remote)
server, either LDAP or RADIUS, to manage user authentication for the
3-DNS Controller. When you choose this configuration option, all users
subsequently attempting to log on to a 3-DNS Controller must enter a user
name and password, which are checked against user data stored in that
external database. If the user name and password are found and verified in
that database, the user is authenticated.
Note
If authentication with an external LDAP or RADIUS server fails, you can
still log in with local accounts, such as the root and admin accounts.

Configuring external LDAP authentication

When you configure the unit to use an external LDAP server for user
authentication, you need the following information:
• The IP address of the LDAP server, or the IP address of the primary
  server if you have more than one LDAP server.
• The base distinguished name of each LDAP server. This name must be
  the same for each server.
• Optionally, the user name of the account that you want to bind to the
  LDAP server as the search account. The search account is a read-only
  account used to do searches. This account must be able to access
  passwords. If you have more than one LDAP server, this account must be
  the same on each server.
• If you configure an LDAP search account, you need the password for
  that account. If you have more than one LDAP server, you must use the
  same search account and password.
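The requirements in the list above can be checked before you start the Setup utility. The following is an added example, not part of the product or its documentation: the function names, the tuple layout, and the sample addresses and names are all assumptions made for illustration, and the DN comparison is a simplification.

```python
import ipaddress

def normalize_dn(dn):
    """Simplified DN normalization (assumption: no escaped commas, no
    multi-valued RDNs, case-insensitive values as for dc/ou/cn)."""
    rdns = []
    for rdn in dn.split(","):
        attr, sep, value = rdn.partition("=")
        if not (sep and attr.strip() and value.strip()):
            raise ValueError(f"malformed RDN {rdn!r}")
        rdns.append(f"{attr.strip().lower()}={value.strip().lower()}")
    return ",".join(rdns)

def check_ldap_inputs(servers, search_account=None, search_password=None):
    """servers: list of (ip, base_dn) tuples, primary server first.
    Returns a list of problems; an empty list means the inputs are consistent."""
    problems = []
    if not servers:
        problems.append("no LDAP server given")
    base_dns = set()
    for ip, base_dn in servers:
        try:
            ipaddress.ip_address(ip)      # an IP address is required, not a host name
        except ValueError:
            problems.append(f"{ip!r} is not an IP address")
        try:
            base_dns.add(normalize_dn(base_dn))
        except ValueError as exc:
            problems.append(f"base DN for {ip}: {exc}")
    if len(base_dns) > 1:                 # the base DN must be the same on every server
        problems.append("base DN differs between servers: "
                        + " | ".join(sorted(base_dns)))
    if search_account and not search_password:
        problems.append("search account configured without its password")
    if search_password and not search_account:
        problems.append("password given but no search account")
    return problems

# Constructed sample values (documentation address range, made-up names).
SERVERS_OK = [("192.0.2.10", "dc=example,dc=com"),
              ("192.0.2.11", "DC=Example, DC=com")]
SERVERS_BAD = [("192.0.2.10", "dc=example,dc=com"),
               ("ldap2.example.com", "ou=people,dc=example,dc=com")]

if __name__ == "__main__":
    print(check_ldap_inputs(SERVERS_OK, "search-account", "constructed-password"))
    for problem in check_ldap_inputs(SERVERS_BAD, "search-account"):
        print("problem:", problem)
```

The check covers only the values you type in. Whether the search account actually exists with the same password on every server still has to be confirmed on the LDAP servers themselves.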
After you configure external authentication, you need to set the
authorization level, or role, for each user you want to allow to access the
controller. You can do this after you complete the Setup utility. Add an
account and role for each user in the User Administration screen of the
Configuration utility. Since the external authentication server handles the
password authentication, you do not need to enter a password for these