Setting the user search base Distinguished Name (DN)

The Set LDAP UserBaseDN command sets the base Distinguished Name (DN) for the login username search. The search starts at this DN and includes all subtrees beneath it. Maximum size is 100 characters.

To set the user search base DN:

At the Sentry: prompt, type set ldap userbasedn and press Enter. At the following prompt, type the search base DN and press Enter.

Example

The following sets the DN user search base for MSAD to ‘cn=Users,dc=servertech,dc=com’:

Sentry: set ldap userbasedn<Enter>

Enter User Search Base DN (Max characters 100): cn=Users,dc=servertech,dc=com<Enter>

Setting the user search filter

The Set LDAP UserFilter command is used to set the search filter for the username entered at the login prompt.

The search filter must be entered within parentheses and adhere to the following format:

(searchfilter=%s)

where ‘searchfilter’ is the name of the attribute in the user class whose value is the user’s login name. In this string, the ‘%s’ is replaced by the username entered at the login prompt. Maximum string length is 100 characters.

To set the user search filter:

At the Sentry: prompt, type set ldap userfilter and press Enter. At the following prompt, type the User Search Filter and press Enter.

Example

The following sets the user search filter for MSAD to ‘samaccountname’:

Sentry: set ldap userfilter<Enter>

Enter User Search Filter (Max characters 100): (samaccountname=%s)<Enter>
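As an added illustration, not code from the Sentry firmware or from this manual, the following shows how a ‘%s’-style user filter template is expanded into the filter that is sent to the directory. It assumes the username is escaped per RFC 4515 before substitution so that characters with special meaning in a filter are matched literally; the manual does not state how the device performs the substitution, so the escaping step and the template check are assumptions.

```python
import re

# RFC 4515 escape sequences for characters that are special inside a filter value.
_ESCAPES = {
    "\\": r"\5c",
    "*": r"\2a",
    "(": r"\28",
    ")": r"\29",
    "\x00": r"\00",
}


def escape_filter_value(value: str) -> str:
    """Escape a value for use inside an LDAP search filter assertion (RFC 4515)."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def expand_user_filter(template: str, username: str) -> str:
    """Replace the %s placeholder in the template with the escaped username.

    The template is expected in the manual's form: one assertion inside
    parentheses, e.g. '(samaccountname=%s)', at most 100 characters.
    The attribute-name check is a simplified assumption for this example.
    """
    if len(template) > 100:
        raise ValueError("filter template exceeds 100 characters")
    if not re.fullmatch(r"\([A-Za-z][A-Za-z0-9-]*=%s\)", template):
        raise ValueError("filter must have the form (attribute=%s)")
    return template.replace("%s", escape_filter_value(username))


if __name__ == "__main__":
    tmpl = "(samaccountname=%s)"
    # Constructed sample usernames: a plain one and one containing parentheses.
    print(expand_user_filter(tmpl, "jsmith"))        # (samaccountname=jsmith)
    print(expand_user_filter(tmpl, "smith(temp)"))   # (samaccountname=smith\28temp\29)
```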

Setting the authentication order

The Set Authorder command sets the authentication order for remote authentication sessions. The Sentry supports two methods for authentication order - Remote -> Local and Remote Only.

The Remote -> Local method first attempts authentication with the Active Directory server and, if that is unsuccessful, with the local user database on the Sentry device.

The Remote Only method attempts authentication only with the Active Directory server and if unsuccessful, access is denied.

NOTE: With the Remote Only method, if authentication fails because of a communication failure with the Active Directory server, the Sentry automatically falls back to authenticating against the local user database on the device.

To set the authentication order:

At the Sentry: prompt, type set authorder, followed by remotelocal or remoteonly and press Enter.

NOTE: Server Technology recommends NOT setting the authentication order to Remote Only until LDAP has been fully configured and tested.

Sentry PT22

Advanced Operations • 57

Installation and Operations Manual