Enabling and Setting up LDAP Support
There are a few configuration requirements for properly enabling and setting up LDAP support. Below is an overview of the minimum requirements.
Directory Services server configuration requirements:
1. Define at least one LDAP group.
2. Assign users to that LDAP group.
Sentry configuration requirements:
1. Enable LDAP support.
2. Define the IP address and domain component of at least one Directory Services server.
3. Set the LDAP bind request method being utilized by the Directory Services server.
4. Define the IP address of at least one DNS server.
5. Test DNS server configuration using Sentry ‘ping’ support.
6. Define at least one LDAP group and assign access rights for that group.
NOTE: LDAP group names on the Directory Services server and the Sentry must match.
Enabling and disabling LDAP support
The Set LDAP command is used to enable or disable LDAP support.
To enable or disable LDAP support:
At the Sentry: prompt, type set ldap, followed by enabled or disabled and press Enter.
Setting the LDAP host IP address
The Set LDAP HostIP command sets the TCP/IP address of the Directory Services server.
To set the LDAP host IP address:
At the Sentry: prompt, type set ldap, followed by hostip1 or hostip2 and the Directory Services server’s IP address. Press Enter.
Example
The following command sets the primary Directory Services server IP address to 98.76.54.32:
Sentry: set ldap hostip1 98.76.54.32<Enter>
Changing the LDAP server port
The Set LDAP Port command sets the port on the previously defined LDAP server to which the Sentry sends LDAP requests. The default port is 389.
To change the LDAP server port:
At the Sentry: prompt, type set ldap port, followed by the port number and press Enter.
Example
The following command sets the LDAP server port number to 8888:
Sentry: set ldap port 8888<Enter>
Setting the LDAP bind password type
The Set LDAP Bind command sets the password type used in the bind requests. The Sentry supports two LDAP bind methods – Simple and MD5.
The Simple method utilizes unencrypted delivery of a
The MD5 digest method provides much stronger protection utilizing
NOTE: Windows 2000 is known only to support Simple binding. Windows 2003 supports both Simple and MD5 binding.
To set the bind password type:
At the Sentry: prompt, type set ldap bind, followed by simple or md5 and press Enter.
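To confirm on the wire which bind method a device is actually using after the bind type is set, the following added example (not part of the Sentry manual) parses an LDAP BindRequest and reports whether it carries a Simple (cleartext) password or SASL credentials. It assumes the "MD5" method corresponds to the SASL DIGEST-MD5 mechanism; the function names, sample DN and sample password are constructed for illustration.

```python
# Added example: classify the authentication choice in an LDAP BindRequest (RFC 4511).
# Tags: 0x30 SEQUENCE, 0x02 INTEGER, 0x04 OCTET STRING, 0x60 BindRequest, 0x80 simple, 0xA3 SASL.

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the BER element starting at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits count the length octets
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated BER element")
    return tag, buf[pos:pos + length], pos + length

def classify_bind(message):
    """Return 'simple', 'sasl:<mechanism>', or None if not a parseable BindRequest."""
    try:
        tag, body, _ = read_tlv(message, 0)    # LDAPMessage envelope
        if tag != 0x30:
            return None
        tag, _, pos = read_tlv(body, 0)        # messageID
        if tag != 0x02:
            return None
        tag, bind, _ = read_tlv(body, pos)     # protocolOp
        if tag != 0x60:
            return None
        _, _, pos = read_tlv(bind, 0)          # version
        _, _, pos = read_tlv(bind, pos)        # bind DN
        tag, auth, _ = read_tlv(bind, pos)     # authentication choice
        if tag == 0x80:                        # password travels unencrypted
            return "simple"
        if tag == 0xA3:                        # SASL: first element is the mechanism name
            return "sasl:" + read_tlv(auth, 0)[1].decode("ascii", "replace")
        return None
    except (IndexError, ValueError):
        return None

def tlv(tag, value):
    """Encode a short-form BER element (enough for the constructed samples)."""
    return bytes([tag, len(value)]) + value

def bind_request(msg_id, dn, auth):
    bind = tlv(0x02, b"\x03") + tlv(0x04, dn) + auth
    return tlv(0x30, tlv(0x02, bytes([msg_id])) + tlv(0x60, bind))

# Constructed samples, not captured traffic.
SIMPLE = bind_request(1, b"cn=sentry,dc=example,dc=com", tlv(0x80, b"constructed-pw"))
DIGEST = bind_request(2, b"", tlv(0xA3, tlv(0x04, b"DIGEST-MD5")))
```

A result of "simple" for traffic to the LDAP port means the bind password crossed the network in the clear.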
Sentry PT22 Installation and Operations Manual | Advanced Operations