Manuals / NETGEAR / Computer Equipment / Network Card

NETGEAR SSL312 manual Sample Ldap Attributes, Ldap Attribute Rules

Models: SSL312

1 122
Download 122 pages 23.62 Kb
Page 39
Image 39

NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual

For an LDAP group, you can define LDAP attributes. For example, you can specify that users in an LDAP group must be members of a certain group or organizational unit defined on the LDAP server. Or you can specify a unique LDAP distinguished name.

Note: The Microsoft Active Directory database uses an LDAP organization schema. The Active Directory database can be queried using Kerberos authentication (the

standard authentication type; this is labeled “Active Directory” domain authentication in the SSL VPN Concentrator), NTLM authentication (labeled “NT Domain” authentication in the SSL VPN Concentrator), or using LDAP database queries. So, an LDAP domain configured in the SSL VPN Concentrator can authenticate to an Active Directory server.

To add an LDAP authentication domain, see “Authentication Domains” in Chapter 3.

Sample LDAP Attributes

You can enter up to 4 LDAP attributes per group. The following are some example LDAP attributes of Active Directory LDAP users:

name=Administrator

memberOf=CN=TerminalServerComputers,CN=Users,DC=netgear,

DC=net

objectClass=user

msNPAllowDialin=FALSE

LDAP Attribute Rules

If multiple attributes are defined for a group, all attributes must be met by LDAP users.

If no attributes are defined, then any user authorized by the LDAP server can be a member of the group.

If multiple groups are defined and a user meets all the LDAP attributes for two groups, then the user will be considered part of the group with the most LDAP attributes defined. If the matching LDAP groups have an equal number of attributes, then the user will be considered a member of the group based on the alphabetical order of the groups.

If an LDAP user fails to meet the LDAP attributes for all LDAP groups configured on the SSL VPN Concentrator, then the user will not be able to log into the portal. So the LDAP attributes feature not only allows the administrator to create individual rules based on the LDAP group or organization, it also allows the administrator to only allow certain LDAP users to log into the portal.

Authenticating Users

3-7

v2.0, May 2007

Page 38 Page 40
Page 39
Image 39
NETGEAR SSL312 manual Sample Ldap Attributes, Ldap Attribute Rules
Page 38 Page 40