Configuration
In order to apply the LDAP feature, you must first define User Names and associated Passwords and group membership via your LDAP server, and then access the RSM command mode to enable and configure the LDAP settings and define port access rights and command access rights for each group that you have specified at the LDAP server.
To access the LDAP Parameters menu, access the command mode using a port and password that permit access to Supervisor Level commands and then proceed as follows:
•Text Interface: Type /N and press [Enter] to display the Network Parameters Menu (Figure 5.9.) At the Network Parameters Menu, type 27 and press [Enter] to display the LDAP parameters menu (Figure 5.22.)
•Web Browser Interface: At the Home Screen, click on the Network Configuration link to display the Network Configure menu (Figure 5.10,) and then click on the LDAP Parameters link to display the LDAP Parameters menu (Figure 5.23.)
Notes:
•Port access rights are not defined at the LDAP server. They are defined via the LDAP Group configuration menu on each RSM unit and are specific to that RSM unit alone.
•When LDAP is enabled and properly configured, LDAP authentication will supersede any passwords and access rights that have been defined via the RSM user directory.
•If no LDAP groups are defined on a given RSM unit, then access rights will be determined as specified by the "default" LDAP group.
•The "default" LDAP group cannot be deleted.
The LDAP Parameters Menu (Figure 5.22 or Figure 5.23) allows you to define the following parameters:
•Enable: Enables/disables LDAP authentication. (Default = Off.)
•LDAP Port: Defines the port that will be used to communicate with the LDAP server. (Default = 389.)
•Primary Host: Defines the IP address or domain name (up to 64 characters) for the primary LDAP server. (Default = undefined.)
•Secondary Host: Defines the IP address or domain name (up to 64 characters) for the secondary (fallback) LDAP server. (Default = undefined.)
•Bind Type: Sets the LDAP bind request password type. Note that in the Text Interface, when the Bind Type is set to "Kerberos" LDAP menu will include an additional prompt (item 14) that is used to select Kerberos parameters as described in Section 5.8.7.5. In the Web Interface, the link to the kerberos parameters menu is located at the bottom of the LDAP Parameters Menu. (Default = Simple.)
•Search Bind DN: Selects the user name who is allowed to search the LDAP directory. (Default = undefined.)
•Search Bind Password: Sets the Password for the user who is allowed to search the LDAP directory. (Default = undefined.)
