NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual
For an LDAP group, you can define LDAP attributes. For example, you can specify that users in an LDAP group must be members of a certain group or organizational unit defined on the LDAP server. Or you can specify a unique LDAP distinguished name.
Note: The Microsoft Active Directory database uses an LDAP organization schema. The Active Directory database can be queried using Kerberos authentication (the standard authentication type; this is labeled “Active Directory” domain authentication in the SSL VPN Concentrator), NTLM authentication (labeled “NT Domain” authentication in the SSL VPN Concentrator), or using LDAP database queries. So, an LDAP domain configured in the SSL VPN Concentrator can authenticate to an Active Directory server.
To add an LDAP authentication domain, see “Authentication Domains” in Chapter 3.
Sample LDAP Attributes
You can enter up to 4 LDAP attributes per group. The following are some example LDAP attributes of Active Directory LDAP users:
name=Administrator
memberOf=CN=TerminalServerComputers,CN=Users,DC=netgear,DC=net
objectClass=user
msNPAllowDialin=FALSE
LDAP Attribute Rules
• If multiple attributes are defined for a group, all attributes must be met by LDAP users.
• If no attributes are defined, then any user authorized by the LDAP server can be a member of the group.
• If multiple groups are defined and a user meets all the LDAP attributes for two groups, then the user will be considered part of the group with the most LDAP attributes defined. If the matching LDAP groups have an equal number of attributes, then the user will be considered a member of the group based on the alphabetical order of the groups.
• If an LDAP user fails to meet the LDAP attributes for all LDAP groups configured on the SSL VPN Concentrator, then the user will not be able to log into the portal. So the LDAP attributes feature not only allows the administrator to create individual rules based on the LDAP group or organization, it also allows the administrator to restrict portal login to certain LDAP users only.
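The four rules above amount to a small group-selection algorithm. The following is an added illustration, not NETGEAR's code: it models the rules in Python using the manual's sample attributes; the group names, the sample directory entries, the function names, and the case-insensitive value comparison are assumptions.

```python
"""Group selection following the SSL312 manual's LDAP Attribute Rules.

Added example, not NETGEAR code: the group names, sample directory entry
and function names are constructed for illustration.
"""
from typing import Dict, List, Optional, Tuple

LdapEntry = Dict[str, List[str]]   # attribute -> values (memberOf is multi-valued)
GroupRules = Dict[str, List[str]]  # group name -> "attr=value" rules
MAX_ATTRIBUTES_PER_GROUP = 4       # limit stated in the manual

# Constructed group configuration, using the manual's sample attributes.
SAMPLE_GROUPS: GroupRules = {
    "Admins": ["name=Administrator",
               "memberOf=CN=TerminalServerComputers,CN=Users,DC=netgear,DC=net",
               "objectClass=user"],
    "Staff": ["objectClass=user"],
    "Users": ["msNPAllowDialin=FALSE"],
}


def parse_rule(rule: str) -> Tuple[str, str]:
    """Split 'attr=value' at the first '=' only: DN values contain '=' themselves."""
    attr, sep, value = rule.partition("=")
    if not sep or not attr.strip():
        raise ValueError(f"malformed LDAP attribute rule: {rule!r}")
    return attr.strip().lower(), value.strip()


def user_matches(entry: LdapEntry, rules: List[str]) -> bool:
    """Rule 1: every rule of the group must hold. Rule 2: no rules -> anyone matches.
    LDAP attribute names are case-insensitive; comparing values case-insensitively
    too is an assumption about the appliance, not something the manual states."""
    if len(rules) > MAX_ATTRIBUTES_PER_GROUP:
        raise ValueError(f"a group may define at most {MAX_ATTRIBUTES_PER_GROUP} attributes")
    folded = {k.lower(): [v.lower() for v in vs] for k, vs in entry.items()}
    return all(value.lower() in folded.get(attr, [])
               for attr, value in map(parse_rule, rules))


def select_group(entry: LdapEntry, groups: GroupRules = SAMPLE_GROUPS) -> Optional[str]:
    """Rule 3: most attributes wins; ties go to the alphabetically first group name
    (assumed, the manual only says 'alphabetical order'). Rule 4: None = login refused."""
    matching = [name for name, rules in groups.items() if user_matches(entry, rules)]
    if not matching:
        return None
    return min(matching, key=lambda name: (-len(groups[name]), name.lower()))
```

A user whose entry matches no configured group gets `None`, which is the "cannot log into the portal" outcome of the last rule; a group with an empty rule list admits every LDAP-authenticated user.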