
Chapter 37 AAA Server
organizational boundaries. The following figure shows a basic directory structure branching from countries to organizations to organizational units to individuals.
Figure 341 Basic Directory Structure
[Figure: directory tree with levels Root; Countries (US, Japan); Organizations (Sprint, UPS, NEC); Organization Units (Sales, RD3, QA, CSO, Sales, RD); Unique Common Name (cn)]
Distinguished Name (DN)
A DN uniquely identifies an entry in a directory. A DN consists of
cn=domain1.com, ou = Sales, o=MyCompany, c=US
cn=domain1.com, ou = Sales, o=MyCompany, c=JP
Base DN
A base DN specifies a directory. A base DN usually contains information such as the name of an organization, a domain name and/or country. For example, o=MyCompany, c=UK where o means organization and c means country.
Bind DN
A bind DN is used to authenticate with an LDAP/AD server. For example, a bind DN of cn=zywallAdmin allows the ZyWALL to log into the LDAP/AD server using the user name of zywallAdmin. The bind DN is used in conjunction with a bind password. When a bind DN is not specified, the ZyWALL will try to log in as an anonymous user. If the bind password is incorrect, the login will fail.
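The DN, base DN and bind DN rules above can be checked before a profile is saved. The following is an added example, not code from this guide or from the ZyWALL; the function names and the profile fields are hypothetical, the DN parsing is a simplified form of RFC 4514, and the empty-password warning comes from RFC 4513 rather than from this guide.

```python
# Added example (not ZyWALL code). Simplified RFC 4514 parsing: handles
# backslash-escaped commas, but not multi-valued (+) RDNs or hex escapes.
ANON = "no bind DN: the device will log in as an anonymous user"
UNAUTH = "bind DN with empty password: RFC 4513 treats this as an unauthenticated bind"

def parse_dn(dn):
    """Split a DN into (attribute, value) pairs, leftmost (most specific) first."""
    parts, buf, i = [], "", 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):
            buf += dn[i:i + 2]          # keep an escaped character with its backslash
            i += 2
            continue
        if ch == ",":                   # an unescaped comma ends one RDN
            parts.append(buf)
            buf = ""
        else:
            buf += ch
        i += 1
    parts.append(buf)
    rdns = []
    for part in parts:
        if "=" not in part:
            raise ValueError(f"malformed RDN: {part!r}")
        attr, value = part.split("=", 1)
        # Assumption: cn/ou/o/c compare case-insensitively and ignore padding spaces.
        rdns.append((attr.strip().lower(), value.strip().lower()))
    return rdns

def is_under(entry_dn, base_dn):
    """True if entry_dn sits at or below base_dn in the directory tree."""
    entry, base = parse_dn(entry_dn), parse_dn(base_dn)
    return len(entry) >= len(base) and entry[len(entry) - len(base):] == base

def audit_bind(bind_dn, bind_password, base_dn):
    """Return warnings for a hypothetical AAA server profile."""
    parse_dn(base_dn)                   # raises ValueError on a malformed base DN
    warnings = []
    if not bind_dn.strip():
        warnings.append(ANON)
    else:
        parse_dn(bind_dn)               # raises ValueError on a malformed bind DN
        if not bind_password:
            warnings.append(UNAUTH)
    return warnings

if __name__ == "__main__":
    # DNs taken from the text above; the password is a constructed sample value.
    print(is_under("cn=domain1.com, ou = Sales, o=MyCompany, c=JP", "o=MyCompany, c=US"))
    print(audit_bind("", "", "o=MyCompany, c=UK"))
    print(audit_bind("cn=zywallAdmin", "constructed-sample", "o=MyCompany, c=UK"))
```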
Finding Out More
• See Section 7.5.3 on page 122 for an example of how to set up user authentication using a RADIUS server.
576 | ZyWALL USG 20/20W User’s Guide