LDAP

The Sentry family of products supports Lightweight Directory Access Protocol (LDAP) Version 3. This support enables authentication with LDAP servers; user accounts do not need to be individually created locally on each Sentry device.

This allows administrators to pre-define and configure (in each Sentry product, and in the LDAP server) a set of necessary LDAP Groups, and access rights for each. A user's access rights can then be assigned or revoked simply by making the user a member of one or more pre-defined Sentry LDAP Groups. User accounts can be added, deleted, or changed in the LDAP server without any changes needed on individual Sentry products.

Sentry 5.3b LDAP support has been tested in the following environments:

Microsoft Active Directory (MSAD)

Novell eDirectory (eDir)

OpenLDAP

LDAP Command Summary

Command                   Description
Set Authorder             Specifies the authentication order for each new session attempt
Set LDAP                  Enables/disables LDAP support
Set LDAP HostIP           Sets the IP address of the Directory Services server
Set LDAP Port             Sets the LDAP server port number
Set LDAP Bind             Specifies the LDAP bind request password type
Set LDAP BindDN           Specifies the user account Fully-Qualified Distinguished Name (FQDN) for binds
Set LDAP BindPW           Specifies the user account password for binds
Set LDAP GroupAttr        Specifies the user class distinguished name (DN) or names of groups a user is a member of
Set LDAP GroupType        Specifies the data type for the Set LDAP GroupAttr command
Set LDAP UserBaseDN       Sets the base distinguished name (DN) for the username search at login
Set LDAP UserFilter       Sets the filter used for the username search at login
Show LDAP                 Displays LDAP configurations
Set DNS                   Sets the IP address of the Domain Name server
Ping                      Verifies proper DNS configuration by name resolution
Show Network              Displays network configuration information
Create LDAPGroup          Adds an LDAP group name
Remove LDAPGroup          Deletes an LDAP group name
Add GrouptoLDAP           Grants an LDAP group access to one or more groups
Add OutlettoLDAP          Grants an LDAP group access to one or all outlets
Add PorttoLDAP            Grants an LDAP group access to one or more serial ports
Delete GroupfromLDAP      Removes access to one or more groups for an LDAP group
Delete OutlettoLDAP       Removes access to one or more outlets for an LDAP group
Delete PortfromLDAP       Removes access to one or more serial ports for an LDAP group
Set LDAPGroup Access      Sets the access level for an LDAP group
Set LDAPGroup Envmon      Grants or removes privileges to view input and environmental monitoring status
List LDAPGroup            Displays all accessible outlets/groups/ports for an LDAP group
List LDAPGroups           Displays privilege levels for all LDAP groups
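The group-based authorization described above, modelled as an added Python example (not Sentry firmware and not code from this manual): it assumes the values read from the attribute named by Set LDAP GroupAttr are compared with the names given to Create LDAPGroup either as DNs or as bare names according to Set LDAP GroupType, that access levels are ordered View < User < Admin, and that a login matching no configured group is refused. The configuration and the memberOf values are constructed sample data.

```python
# Hypothetical model (not Sentry firmware) of the authorisation step: group
# values from the "Set LDAP GroupAttr" attribute are matched against the
# "Create LDAPGroup" names as DNs or bare names per "Set LDAP GroupType".
from dataclasses import dataclass, field

ACCESS_RANK = {"View": 0, "User": 1, "Admin": 2}   # assumed ordering of levels


@dataclass
class SentryLdapGroup:
    name: str                                    # Create LDAPGroup <name>
    access: str                                  # Set LDAPGroup Access
    outlets: set = field(default_factory=set)    # Add OutlettoLDAP
    ports: set = field(default_factory=set)      # Add PorttoLDAP


def normalize_dn(dn: str) -> str:
    """Canonicalise a DN: trim blanks around each RDN and its '=', lower-case
    everything (DN matching is case-insensitive). Escaped commas not handled."""
    return ",".join("=".join(p.strip() for p in rdn.split("=", 1)).lower()
                    for rdn in dn.split(","))


def resolve_access(member_of, group_type, configured):
    """Highest access level among the configured groups the user belongs to,
    plus the union of their outlets/ports. None means no group matched."""
    if group_type == "DN":
        have = {normalize_dn(v) for v in member_of}
        matched = [g for g in configured if normalize_dn(g.name) in have]
    elif group_type == "Name":
        have = {v.strip().lower() for v in member_of}
        matched = [g for g in configured if g.name.strip().lower() in have]
    else:
        raise ValueError(f"unknown GroupType {group_type!r}")
    if not matched:
        return None
    return {"groups": [g.name for g in matched],
            "access": max((g.access for g in matched), key=ACCESS_RANK.get),
            "outlets": set().union(*(g.outlets for g in matched)),
            "ports": set().union(*(g.ports for g in matched))}


# Constructed sample: two groups defined by DN, and memberOf values as an
# Active Directory server might return them (note differing case/spacing).
CONFIGURED = [
    SentryLdapGroup("CN=PDU Admins,OU=Groups,DC=example,DC=com", "Admin"),
    SentryLdapGroup("CN=Rack12 Ops,OU=Groups,DC=example,DC=com", "User",
                    outlets={".A1", ".A2"}, ports={"Console"}),
]
USER_MEMBER_OF = ["cn=rack12 ops, ou=groups, dc=example, dc=com",
                  "CN=Domain Users,CN=Users,DC=example,DC=com"]

if __name__ == "__main__":
    print(resolve_access(USER_MEMBER_OF, "DN", CONFIGURED))
```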

54 • Advanced Operations
Sentry PT22
Installation and Operations Manual