Western Telematic AFS-16-1 manual Group Membership Value Type Default = DN

Models: AFS-16-1

Page 57

Basic Configuration

Search Bind Password: Sets the Password for the user who is allowed to search the LDAP directory. (Default = undefined.)

User Search Base DN: Sets the directory location for user searches. (Default = undefined.)

User Search Filter: Selects the attribute that lists the user name. Note that this attribute should always end with "=%S" (no quotes.) (Default = undefined.)

Group Membership Attribute: Selects the attribute that lists group membership(s). (Default = undefined.)

Group Membership Value Type: (Default = DN.)

Fallback: Enables/Disables the LDAP fallback feature. When enabled, the AFS-16 will revert to its own internal user directory (see Section 5.5) if no defined users are found via the LDAP server. In this case, port access rights will then be granted as specified in the default LDAP group. (Default = Off.)

LDAP Group Setup: Provides access to a submenu, which is used to define LDAP Groups as described in Sections 5.9.8.1 through 5.9.8.4.

LDAP Kerberos Setup: Provides access to the Kerberos Setup menu as described in Section 5.9.8.5. When the Bind Type is set to "Kerberos", the Kerberos Setup menu is used to select Kerberos parameters. In the Text Interface, the link to the Kerberos Setup menu will not be displayed unless the Bind Type is set to Kerberos.

5.9.8.1. Adding LDAP Groups

Once you have defined several users and passwords via your LDAP server, and assigned those users to LDAP Groups, you must then grant access rights to each LDAP Group at each AFS-16 unit. In order to add LDAP groups, you must log in to command mode using a password that permits access to Administrator level commands. The Add LDAP Group menu allows the following parameters to be defined:

Group Name: Note that this name must match the LDAP Group names that you have assigned to users at your LDAP server. (Default = undefined.)

Access Level: Sets the command access level. For more information, please refer to Section 5.4.1. (Default = User.)

Circuit Access: This item is used to select the AFS-16 Circuit Modules that members of this LDAP group will be allowed to connect. (Default = All Circuits Off.)

Circuit Group Access: This item is used to determine which Circuit Groups the members of this LDAP Group will be allowed to control. (Default = undefined.)

Service Access: This item determines how members of this LDAP Group will be allowed to access command mode and whether or not they will be able to create outbound Telnet connections. The Service Access parameter is used to allow members of this LDAP group to access command mode via Serial Port, Telnet/SSH or any combination thereof, and also enables/disables Outbound Telnet.

(Default; Serial Port = On, Telnet/SSH = On, Outbound Access = Off.)

Note: After you have defined LDAP Group parameters, make certain to save the changes before proceeding. In the Web Browser Interface, click on the "Add LDAP Group" button to save parameters; in the Text Interface, press the [Esc] key several times until the "Saving Configuration" message is displayed.
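The lookup that the User Search Filter, Group Membership Attribute, Group Membership Value Type and Group Name parameters describe can be sketched as follows. This is an added example, not code from the WTI manual or the AFS-16 firmware. The function names, attribute names and sample DNs are constructed, and matching a DN-valued membership on its first RDN value is an assumption about how the group name is derived.

```python
import re

# RFC 4515: characters that must be escaped inside an LDAP filter value.
_ESC = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

def build_user_filter(template: str, username: str) -> str:
    """Expand a User Search Filter such as 'uid=%S' for one login name."""
    if not template.endswith("=%S"):
        raise ValueError("User Search Filter must end with '=%S'")
    safe = "".join(_ESC.get(ch, ch) for ch in username)
    return f"({template[:-2]}{safe})"

def _unescape(m: re.Match) -> str:
    tok = m.group(1)  # two hex digits (\2C) or one escaped character (\,)
    return chr(int(tok, 16)) if len(tok) == 2 else tok

def group_name_from_dn(dn: str) -> str:
    """Return the value of the first RDN of a group DN (RFC 4514 escapes)."""
    first_rdn = re.match(r"(?:\\.|[^,\\])*", dn).group(0)
    _attr, sep, value = first_rdn.partition("=")
    if not sep or not value:
        raise ValueError(f"not a DN: {dn!r}")
    return re.sub(r"\\([0-9A-Fa-f]{2}|.)", _unescape, value)

def resolve_groups(member_values, value_type, defined_groups):
    """Map membership attribute values to group names defined on the unit.

    Assumption: with value type 'DN' the first RDN value is compared with the
    Group Name; any other value type is treated as a bare group name.
    """
    names = [group_name_from_dn(v) if value_type == "DN" else v
             for v in member_values]
    return [n for n in names if n in defined_groups]

if __name__ == "__main__":
    # Constructed sample data, not taken from a real directory.
    print(build_user_filter("sAMAccountName=%S", "jsmith"))
    print(build_user_filter("uid=%S", "*)(uid=*"))  # wildcard input is neutralised
    member_of = ["CN=NetOps,OU=Groups,DC=example,DC=com",
                 r"CN=Ops\, East,OU=Groups,DC=example,DC=com"]
    print(resolve_groups(member_of, "DN", {"NetOps"}))
```

A membership value that resolves to no defined Group Name yields an empty list here, which is the case to check against the Fallback setting and the default LDAP group.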
