NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual
Sample LDAP Users and Attributes Settings
If you manually add a user to an LDAP group, then the user setting will take precedence over LDAP attributes.
For example:
An LDAP attribute objectClass=Person is defined for group Group1 and an LDAP attribute memberOf=CN=WINSUsers,DC=netgear,DC=net is defined for Group2.
• If user Jane is defined by an LDAP server as a member of the Person object class, but is not a member of the WINS Users group, Jane will be a member of the SSL VPN Concentrator Group1.
• But if the administrator manually adds the user Jane to the SSL VPN Concentrator Group2, then the LDAP attributes will be ignored and Jane will be a member of Group2.
Querying an LDAP Server
There are several ways to query your LDAP or Active Directory server to find out the LDAP attributes of your users. From a machine with the ldapsearch tools (for example, a Linux machine with OpenLDAP installed), run the following command:
ldapsearch -x -H ldap://10.0.0.5 -D "cn=demo,cn=users,dc=netgear,dc=net" -w demo123 -b "dc=netgear,dc=net" > /tmp/file
where
• 10.0.0.5 is the IP address of the LDAP or Active Directory server
• cn=demo,cn=users,dc=netgear,dc=net is the distinguished name of an LDAP user
• demo123 is the password for the user demo
• dc=netgear,dc=net is the base domain that you are querying
• > /tmp/file is optional and defines the file where the LDAP query results will be saved.
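As an added example (not from the NETGEAR manual), the Python sketch below parses ldapsearch output such as the contents of /tmp/file and applies the precedence rule from the Group1/Group2 example above, so you can check which group an entry's attributes would select. The sample entry for "jane", the function names and the case-insensitive exact match are assumptions; the concentrator's own matching logic is not described on this page.

```python
import base64

# Constructed ldapsearch (LDIF) output for a hypothetical user "jane".
SAMPLE_LDIF = """\
dn: CN=jane,CN=Users,DC=netgear,DC=net
objectClass: top
objectClass: Person
memberOf: CN=Sales,DC=netgear,
 DC=net
description:: SmFuZSBEb2U=
"""

# Group rules taken from the manual's example: group -> (attribute, value).
GROUP_RULES = {
    "Group1": ("objectClass", "Person"),
    "Group2": ("memberOf", "CN=WINSUsers,DC=netgear,DC=net"),
}

def parse_ldif_entry(text):
    """Return {attribute_lowercase: [values]} for one LDIF entry."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]              # unfold a continuation line
        elif raw and not raw.startswith("#"):
            lines.append(raw)
    attrs = {}
    for line in lines:
        name, sep, value = line.partition(":")
        if not sep:
            continue
        if value.startswith(":"):             # "attr:: <base64 value>"
            value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
        attrs.setdefault(name.lower(), []).append(value.strip())
    return attrs

def resolve_groups(attrs, rules, manual_group=None):
    """A manual assignment wins; otherwise list groups whose rule matches."""
    if manual_group is not None:
        return [manual_group]                 # LDAP attributes are ignored
    matched = []
    for group, (attr, want) in rules.items():
        values = attrs.get(attr.lower(), [])
        if any(v.lower() == want.lower() for v in values):  # assumed matching
            matched.append(group)
    return matched

if __name__ == "__main__":
    entry = parse_ldif_entry(SAMPLE_LDIF)
    print(resolve_groups(entry, GROUP_RULES), resolve_groups(entry, GROUP_RULES, "Group2"))
```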
For further information on querying an LDAP server from a Windows server, please see: http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/TechRef/8196d68e-