NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual

Sample LDAP Users and Attributes Settings

If you manually add a user to an LDAP group, then the user setting will take precedence over LDAP attributes.

For example:

An LDAP attribute objectClass=Person is defined for group Group1 and an LDAP attribute memberOf=CN=WINSUsers,DC=netgear,DC=net is defined for Group2.

If user Jane is defined by an LDAP server as a member of the Person object class, but is not a member of the WINS Users group, Jane will be a member of the SSL VPN Concentrator Group1.

But if the administrator manually adds the user Jane to the SSL VPN Concentrator Group2, then the LDAP attributes will be ignored and Jane will be a member of Group2.

Querying an LDAP Server

To query your LDAP or Active Directory server to find out the LDAP attributes of your users, you can use several different methods. From a machine with ldapsearch tools (for example, a Linux machine with OpenLDAP installed), run the following command:

ldapsearch -h 10.0.0.5 -x -D cn=demo,cn=users,dc=netgear,dc=net -w demo123 -b dc=netgear,dc=net > /tmp/file

where

10.0.0.5 is the IP address of the LDAP or Active Directory server

cn=demo,cn=users,dc=netgear,dc=net is the distinguished name of an LDAP user

demo123 is the password for the user demo

dc=netgear,dc=net is the base domain that you are querying

> /tmp/file is optional and defines the file where the LDAP query results will be saved.

For further information on querying an LDAP server from a Windows server, please see: http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/TechRef/8196d68e-776a-4bbc-99a6-d8c19f36ded4.mspx
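
The following Python sketch is an added example, not part of the NETGEAR manual: it parses LDIF output of the kind the ldapsearch command above saves to /tmp/file and applies the Group1/Group2 rules from the sample settings, with a manual assignment overriding the LDAP attributes. The sample entries, the function names, the case-insensitive comparison and the reporting of every matching group are assumptions of this example; the manual does not state how the appliance compares values or resolves multiple matches.

```python
import base64

# Constructed ldapsearch (LDIF) output; not from a real directory.
SAMPLE_LDIF = """\
# extended LDIF
dn: CN=Jane,CN=Users,DC=netgear,DC=net
objectClass: person

dn: CN=Bob,CN=Users,DC=netgear,DC=net
objectClass: person
memberOf: CN=WINSUsers,DC=netg
 ear,DC=net
cn:: Qm9i
"""
# Group -> (LDAP attribute, value) rules taken from the manual's example.
GROUP_RULES = {
    "Group1": ("objectClass", "Person"),
    "Group2": ("memberOf", "CN=WINSUsers,DC=netgear,DC=net"),
}

def parse_ldif(text):
    """Return {dn: {lowercased attribute: [values]}} from LDIF text."""
    unfolded = []
    for line in text.splitlines():
        if line.startswith(" ") and unfolded:
            unfolded[-1] += line[1:]           # folded continuation line
        else:
            unfolded.append(line)
    entries, current = {}, None
    for line in (l for l in unfolded if not l.startswith("#")):  # skip comments
        if not line.strip():                   # blank line ends an entry
            current = None
            continue
        attr, _, rest = line.partition(":")
        if rest.startswith(":"):               # "attr:: value" is base64
            rest = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
        if attr.lower() == "dn":
            current = entries.setdefault(rest.strip(), {})
        elif current is not None:
            current.setdefault(attr.lower(), []).append(rest.strip())
    return entries

def groups_for(attrs, manual_group=None):
    """Manual assignment wins; otherwise list groups whose rule matches."""
    if manual_group:
        return [manual_group]
    return [g for g, (a, v) in GROUP_RULES.items()
            if v.lower() in (x.lower() for x in attrs.get(a.lower(), []))]
```

For Jane, groups_for returns Group1 from her object class alone, and Group2 only when she is passed as manually assigned, matching the manual's example.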

Authenticating Users

v2.0, May 2007
