NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual
LDAP Authentication Domains for Group Policies and Bookmarks
LDAP (Lightweight Directory Access Protocol) is a standard for querying and updating a directory. Since LDAP supports a multilevel hierarchy (for example, groups or organizational units), the SSL VPN Concentrator can query this information and provide specific group policies or bookmarks based on LDAP attributes. By configuring LDAP attributes, the SSL VPN Concentrator administrator can leverage the groups that have already been configured in an LDAP or Active Directory database, rather than manually recreating the same groups in the SSL VPN Concentrator.
Once an LDAP authentication domain is created, a default LDAP group will be created with the same name as the LDAP domain name. Although additional groups may be added or deleted from this domain, the default LDAP group may not be deleted.
For an LDAP group, you may define LDAP attributes. For example, you can specify that users in an LDAP group must be members of a certain group or organizational unit defined on the LDAP server. Or you can specify a unique LDAP distinguished name.
Note: The Microsoft Active Directory database uses an LDAP organization schema. The Active Directory database may be queried using Kerberos authentication (the
standard authentication type; this is labeled “Active Directory” domain authentication in the SSL VPN Concentrator), NTLM authentication (labeled “NT Domain” authentication in the SSL VPN Concentrator), or using LDAP database queries. So, an LDAP domain configured in the SSL VPN Concentrator can authenticate to an Active Directory server.
To add an LDAP authentication domain, see “Authentication Domains” in Chapter 7.
Sample LDAP Attributes
You may enter up to 4 LDAP attributes per group. The following are some example LDAP attributes of Active Directory LDAP users:
name=”Administrator”
memberOf=”CN=Terminal Server Computers,CN=Users,DC=netgearnetworks, DC=net”objectClass=”user”
msNPAllowDialin=”FALSE”
Group and User Access Policies |