11: User Authentication

Port

Number of the TCP port on the LDAP server to which the SLC talks. The default is 389.

Base

The name of the LDAP search base (e.g., dc=company, dc=com). May have up to 80 characters.

Bind Name

The name for a non-anonymous bind to an LDAP server. This item has the same format as LDAP Base. One example is cn=administrator,cn=Users,dc=domain,dc=com

Bind Password / Retype Password

Password for a non-anonymous bind. This entry is optional. Acceptable characters are a-z, A-Z, and 0-9. The maximum length is 127 characters.

Bind with Login

Select to bind with the login and password that a user is authenticating with. This requires that the Bind Name contain the $login token, which will be replaced with the current login. For example, if the Bind Name is uid=$login,ou=People,dc=lantronix,dc=com, and user roberts logs into the SLC 8000 advanced console manager, LDAP will bind with uid=roberts,ou=People,dc=lantronix,dc=com and the password entered by roberts.

User Login Attribute

The attribute used by the LDAP server for user logins. If nothing is specified for the user filter, the SLC unit will use "uid". For AD LDAP servers, the attribute for user logins is typically "sAMAccountName".

Group Filter Objectclass

The objectclass used by the LDAP server for groups. If nothing is specified for the group filter, the SLC 8000 advanced console manager will use "posixGroup". For AD LDAP servers, the objectclass for groups is typically "Group".

Group Member Attribute

The attribute used by the LDAP server for group membership. This attribute may be used to search for a name (i.e., "msmith") or a Distinguished Name (i.e., "uid=msmith,ou=People,dc=lantronix,dc=com"). Select either Name or DN as appropriate for the LDAP server. If nothing is specified for the group membership attribute, the SLC unit will use "memberUID" for name and "uniqueMember" for DN. For AD LDAP servers, the Group Membership Value is typically DN, with the Group Membership Attribute of "member".

Group Member Value

The attribute used by the LDAP server for group membership. This attribute may be used to search for a name (i.e., "msmith") or a Distinguished Name (i.e., "uid=msmith,ou=People,dc=lantronix,dc=com"). Select either Name or DN as appropriate for the LDAP server. If nothing is specified for the group membership attribute, the SLC 8000 advanced console manager will use "memberUID" for name and "uniqueMember" for DN. For AD LDAP servers, the Group Membership Value is typically DN, with the Group Membership Attribute of "member".

Use LDAP Schema

Select the check box to obtain remote user attributes (group/permissions and port access) from an Active Directory server's schema via the user attribute 'Secure LantronixPerms' (see details below). Disabled by default.

Active Directory Support

Select to enable. Active Directory is a directory service from Microsoft that is a part of Windows 2000 and later versions of Windows. It is LDAP- and Kerberos-compliant. Disabled by default.

Encrypt Messages

Select Start TLS or SSL to encrypt messages between the SLC unit and the LDAP server. If Start TLS is selected, the port will automatically be set to 389 and the StartTLS extension will be used to initiate a secure connection; if SSL is selected, the port will automatically be set to 636 and an SSL tunnel will be used for LDAP communication. The port number can be changed to a non-standard LDAP port; if the port number is set to anything other than 636, Start TLS will be used as the encryption method. Disabled by default.
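
The Bind with Login substitution and the Encrypt Messages port rule from the table above, modeled as an added example (not Lantronix code, and not taken from the manual). The function names and the mode strings 'none', 'starttls' and 'ssl' are hypothetical; escaping the login per RFC 4514 and refusing an empty password are hardening steps the manual does not say the SLC performs, and treating port 636 as SSL when Start TLS is selected is one reading of the table's last rule.

```python
# Added example, not Lantronix code. Function and mode names are hypothetical.
from typing import Optional, Tuple

def escape_dn_value(value: str) -> str:
    """Escape a string for use as one attribute value in a DN (RFC 4514)."""
    out, last = [], len(value) - 1
    for i, ch in enumerate(value):
        if ch in '\\,+"<>;=' or (ch == "#" and i == 0) or (ch == " " and i in (0, last)):
            out.append("\\" + ch)
        elif ch == "\x00":
            out.append("\\00")
        else:
            out.append(ch)
    return "".join(out)

def expand_bind_name(bind_name: str, login: str, password: str) -> str:
    """Build the DN used when 'Bind with Login' is selected."""
    if "$login" not in bind_name:
        raise ValueError("Bind with Login requires the $login token in Bind Name")
    if not login or not password:
        # A DN with an empty password is an unauthenticated bind (RFC 4513),
        # which some servers answer with success, so refuse it up front.
        raise ValueError("login and password must be non-empty")
    # Escaping keeps the login a single RDN value (assumed hardening step).
    return bind_name.replace("$login", escape_dn_value(login))

def resolve_transport(encrypt: str, port: Optional[int] = None) -> Tuple[int, str]:
    """Return (port, method) for Encrypt Messages = 'none', 'starttls' or 'ssl'."""
    if encrypt == "none":
        return (port or 389, "plaintext")
    if encrypt not in ("starttls", "ssl"):
        raise ValueError(f"unknown Encrypt Messages setting: {encrypt!r}")
    if port is None:
        port = 636 if encrypt == "ssl" else 389  # automatic port from the table
    # Per the table, any port other than 636 means StartTLS is used.
    return (port, "ssl" if port == 636 else "starttls")

if __name__ == "__main__":
    template = "uid=$login,ou=People,dc=lantronix,dc=com"  # from the table
    pw = "constructed-password"  # constructed sample value
    print(expand_bind_name(template, "roberts", pw))
    print(expand_bind_name(template, "roberts,ou=Admins", pw))
    print(resolve_transport("ssl"), resolve_transport("ssl", 1636))
```

The second call shows a login containing DN separators staying inside the uid value, and the last line shows that selecting SSL on a non-standard port resolves to StartTLS, which matters when the LDAP server only offers an SSL listener on that port.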

 

 

 

SLC™ 8000 Advanced Console Manager User Guide
