Chapter 31 AAA Server

Table 154 Configuration > Object > AAA Server > Active Directory (or LDAP) > Add (continued)

| LABEL | DESCRIPTION |
| --- | --- |
| Base DN | Specify the directory (up to 127 alphanumerical characters). For example, o=ZyXEL, c=US. This is only for LDAP. |
| Use SSL | Select Use SSL to establish a secure connection to the AD or LDAP server(s). |
| Search time limit | Specify the timeout period (between 1 and 300 seconds) before the ZyWALL disconnects from the AD or LDAP server. In this case, user authentication fails. Search timeout occurs when either the user information is not in the AD or LDAP server(s) or the AD or LDAP server(s) is down. |
| Case-sensitive User Names | Select this if the server checks the case of the usernames. |
| Bind DN | Specify the bind DN for logging into the AD or LDAP server. Enter up to 127 alphanumerical characters. For example, cn=zywallAdmin specifies zywallAdmin as the user name. |
| Password | If required, enter the password (up to 15 alphanumerical characters) for the ZyWALL to bind (or log in) to the AD or LDAP server. |
| Retype to Confirm | Retype your new password for confirmation. |
| Login Name Attribute | Enter the type of identifier the users are to use to log in. For example, “name” or “e-mail address”. |
| Alternative Login Name Attribute | If there is a second type of identifier that the users can use to log in, enter it here. For example, “name” or “e-mail address”. |
| Group Membership Attribute | An AD or LDAP server defines attributes for its accounts. Enter the name of the attribute that the ZyWALL is to check to determine to which group a user belongs. The value for this attribute is called a group identifier; it determines to which group a user belongs. You can add ext-group-user user objects to identify groups based on these group identifier values. For example, you could have an attribute named “memberOf” with values like “sales”, “RD”, and “management”. Then you could also create an ext-group-user user object for each group: one with “sales” as the group identifier, another for “RD” and a third for “management”. |
| Domain Authentication for MSChap | Select the Enable checkbox to enable domain authentication for MSChap. This is only for Active Directory. |
| User Name | Enter the user name for the user who has rights to add a machine to the domain. This is only for Active Directory. |
| User Password | Enter the password for the associated user name. This is only for Active Directory. |
| Retype to Confirm | Retype your new password for confirmation. This is only for Active Directory. |
| Realm | Enter the realm FQDN. This is only for Active Directory. |
| Configuration Validation | Use a user account from the server specified above to test if the configuration is correct. Enter the account’s user name in the Username field and click Test. |
| OK | Click OK to save the changes. |
| Cancel | Click Cancel to discard the changes. |


ZyWALL 110/310/1100 Series User’s Guide