188 Configuring authentication

Adding the LDAP authentication method

The command to create the authentication ID launches a wizard. When prompted, enter the following information. For more information about the parameters, see searchbase <DN>. You can later modify all settings for the specific LDAP configuration (see “Configuring authentication methods” (page 177) and “Modifying LDAP configuration settings” (page 189)).

authentication type—options are radius|ldap|local. Enter ldap.

authentication method name (auth name)—a string that specifies a name for the method. After you have defined a name for the method, you can use either the method name or the auth ID to access the Authentication menu. In future releases of the Nortel SNAS software, you will be able to reference this string in a client filter, so that authentication to the server in question becomes a condition for access rights for a group.

IP address of the LDAP server.

port on which the LDAP server is listening—the port number configured on the LDAP server to specify the port used by the service. The default is 389.

search base entry—the Distinguished Name (DN) that points to one of the following:
    the entry that is one level up from the user entries (does not require isdBindDN and isdBindPassword)
    if user entries are located in several places in the LDAP Directory Information Tree (DIT), the position in the DIT from where all user records can be found with a subtree search (requires isdBindDN and isdBindPassword)

group attribute name—the LDAP attribute that contains the names of the groups. You can specify more than one group attribute name.

user attribute name—refers to one of the following:
    the LDAP attribute that contains the user name (does not require isdBindDN and isdBindPassword)
    the LDAP attribute that is used in combination with the user’s login name to search the DIT (requires isdBindDN and isdBindPassword)

isdBindDN—used to authenticate the Nortel SNAS to the LDAP server, so that the LDAP DIT can be searched. The isdBindDN corresponds to an entry created in the Schema Admins account (for example, cn=ldap ldap, cn=Users, dc=example, dc=com). An account must be created on the LDAP server to enable the Nortel SNAS to do the bind search in the directory structure.
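As an added example (not part of the Nortel manual), the following Python models the two lookup modes the parameters above describe against a constructed in-memory directory: the search base, user attribute, group attribute and isdBindDN names are the manual's; the sample entries, the escaping helpers and the lookup_user function are assumptions of the example.

```python
import re

# Constructed sample directory (DN -> attributes); stands in for the LDAP server.
DIRECTORY = {
    "uid=alice,ou=people,dc=example,dc=com":
        {"uid": "alice", "memberOf": ["cn=staff,ou=groups,dc=example,dc=com"]},
    "uid=bob,ou=contractors,ou=people,dc=example,dc=com":
        {"uid": "bob", "memberOf": ["cn=vendors,ou=groups,dc=example,dc=com"]},
}

def escape_filter(value: str) -> str:
    """RFC 4515 escaping, so a login name cannot alter the search filter."""
    return re.sub(r"[\\*()\x00]", lambda m: "\\%02x" % ord(m.group()), value)

def escape_dn(value: str) -> str:
    """RFC 4514 escaping for an attribute value placed inside a DN."""
    return re.sub(r'[\\,+"<>;=]', lambda m: "\\" + m.group(), value)

def lookup_user(login, searchbase, user_attr, group_attr, bind_dn=None):
    """Without isdBindDN: the user DN is built as <user_attr>=<login>,<searchbase>,
    so only entries one level below the search base are reachable.
    With isdBindDN: bind as the service account (not simulated here) and run a
    subtree search with the filter (<user_attr>=<login>), which reaches nested OUs.
    Returns (dn, groups) or None; the group names are read from group_attr."""
    if bind_dn is None:
        dn = f"{user_attr}={escape_dn(login)},{searchbase}"
        entry = DIRECTORY.get(dn)
        return (dn, entry[group_attr]) if entry else None
    wanted = f"({user_attr}={escape_filter(login)})"
    for dn, attrs in DIRECTORY.items():
        in_subtree = dn.endswith("," + searchbase)
        if in_subtree and f"({user_attr}={escape_filter(attrs[user_attr])})" == wanted:
            return dn, attrs[group_attr]
    return None

if __name__ == "__main__":
    base = "ou=people,dc=example,dc=com"
    bind = "cn=ldap ldap,cn=Users,dc=example,dc=com"   # the manual's sample isdBindDN
    print(lookup_user("alice", base, "uid", "memberOf"))           # found one level down
    print(lookup_user("bob", base, "uid", "memberOf"))             # None: bob is in a nested OU
    print(lookup_user("bob", base, "uid", "memberOf", bind_dn=bind))  # found by subtree search
```

The escaping helpers show the check a practitioner wants on the login value before it is placed in a DN or filter; a bare "*" or an injected ")(" never matches an entry.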
Nortel Secure Network Access Switch
Using the Command Line Interface
NN47230-100 03.01 Standard
28 July 2008
Copyright © 2007,2008 Nortel Networks