Chapter 38 AAA Server

5 Configure the ASAS as a RADIUS server in the ZyWALL’s Object > AAA Server screens.

6 Give the OTP tokens to (local or remote) users.

38.1.2 User Authentication Method

You can choose to authenticate users against the local user database, against a specified external authentication server, or both. By default, user accounts created and stored on the ZyWALL are authenticated locally.

38.2 Directory Service (AD/LDAP) Overview

LDAP/AD allows a client (here the ZyWALL) to connect to a directory server and retrieve information from the directory. A network example is shown next.

Figure 389 Example: Directory Service Client and Server

The following describes the user authentication procedure via an LDAP/AD server.

1 A user logs in with a user name and password pair.

2 The ZyWALL tries to bind (log in) to the LDAP/AD server.

3 When the bind succeeds, the ZyWALL looks up the user's entry in the directory and checks the submitted user name and password pair against it.

4 If they match, the user is allowed access. Otherwise, access is blocked.

38.2.1 Directory Structure

The directory entries are arranged hierarchically, much like a tree. Typically the structure reflects geographical or organizational boundaries. The following figure shows a basic directory structure branching from countries to organizations to organizational units to individuals.
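
The bind-then-lookup procedure in 38.2 and the country > organization > organizational unit > person layout described here, modelled as an added example (this is not ZyXEL's code and does not talk to a real LDAP server): a small in-memory directory, DN composition by walking up the tree, a subtree search under a base DN, and an authenticate() that follows the four numbered steps. The class and field names (Entry, Directory, LdapClientConfig, bind_dn, base_dn, login_attr), the sample tree and every password are constructed for illustration. The one caveat it adds beyond the text is a general LDAP one: a bind with a DN and an empty password is an unauthenticated bind (RFC 4513 section 5.1.2), which Active Directory answers with success as an anonymous session, so a client must refuse an empty password before it ever binds.

```python
"""In-memory model of the LDAP/AD lookup described above (added example, not ZyXEL code).

Constructed sample data throughout; nothing here contacts a real directory server.
"""
import hmac
from dataclasses import dataclass, field


@dataclass
class Entry:
    rdn: str                                  # relative DN, e.g. "ou=Sales"
    attrs: dict = field(default_factory=dict)
    children: list = field(default_factory=list)
    parent: "Entry | None" = None

    def dn(self) -> str:
        """Full DN: this entry's RDN followed by each ancestor's, up to the root."""
        parts, node = [], self
        while node is not None:
            parts.append(node.rdn)
            node = node.parent
        return ",".join(parts)

    def add(self, rdn: str, **attrs) -> "Entry":
        child = Entry(rdn, attrs, parent=self)
        self.children.append(child)
        return child

    def subtree(self):
        yield self
        for child in self.children:
            yield from child.subtree()


class Directory:
    """Just enough server behaviour to exercise the client-side procedure."""

    def __init__(self, root: Entry):
        self.root = root

    def find(self, dn: str):
        return next((e for e in self.root.subtree() if e.dn() == dn), None)

    def search(self, base_dn: str, attr: str, value: str) -> list:
        """Subtree search: every entry at or below base_dn whose attr equals value."""
        base = self.find(base_dn)
        return [] if base is None else [e for e in base.subtree() if e.attrs.get(attr) == value]

    def bind(self, dn: str, password: str) -> bool:
        # RFC 4513 s5.1.2: a DN with an empty password is an *unauthenticated* bind.
        # Active Directory answers it with success (anonymous session); modelled
        # here so that the client-side check in authenticate() is visibly needed.
        if password == "":
            return True
        entry = self.find(dn)
        if entry is None:
            return False
        return hmac.compare_digest(entry.attrs.get("userPassword", ""), password)


def build_directory() -> Directory:
    """Constructed sample tree: country > organization > OUs > people."""
    country = Entry("c=US")
    org = country.add("o=Example Corp")
    sales = org.add("ou=Sales")
    eng = org.add("ou=Engineering")
    sales.add("cn=Alice Liddell", uid="alice", userPassword="s3cret-alice")
    eng.add("cn=Bob Builder", uid="bob", userPassword="s3cret-bob")
    org.add("cn=zywall-svc", uid="zywall-svc", userPassword="bind-pass")  # service account used in step 2
    return Directory(country)


@dataclass
class LdapClientConfig:
    """Hypothetical field names standing in for the bind DN, bind password,
    base DN and login-name attribute a client such as the ZyWALL is configured with."""
    bind_dn: str
    bind_password: str
    base_dn: str
    login_attr: str = "uid"   # AD deployments commonly use sAMAccountName instead


def authenticate(directory: Directory, cfg: LdapClientConfig, username: str, password: str) -> tuple:
    """Steps 1-4 above. Returns (allowed, reason); log the reason, never show it to the user."""
    # Step 1: the user submitted a user name / password pair.
    if password == "":
        return False, "empty password refused (server would treat the bind as unauthenticated)"
    # Step 2: bind to the directory with the client's own credentials.
    if not directory.bind(cfg.bind_dn, cfg.bind_password):
        return False, "bind DN or bind password rejected"
    # Step 3: find the user's entry under the base DN, then verify the password by
    # binding as that entry's DN, so the server checks it against its own store.
    matches = directory.search(cfg.base_dn, cfg.login_attr, username)
    if len(matches) != 1:
        return False, "user not found under base DN (or more than one match)"
    if not directory.bind(matches[0].dn(), password):
        return False, "wrong password"
    # Step 4: it matches, so access is allowed.
    return True, matches[0].dn()


if __name__ == "__main__":
    d = build_directory()
    cfg = LdapClientConfig("cn=zywall-svc,o=Example Corp,c=US", "bind-pass", "o=Example Corp,c=US")
    for user, pw in [("alice", "s3cret-alice"), ("alice", "wrong"), ("alice", ""), ("carol", "x")]:
        print(user, authenticate(d, cfg, user, pw))
```

Run it directly to see the four outcomes. The same rules carry over to a real client: refuse empty passwords before the bind, set the base DN to the narrowest subtree whose members should be able to log in (a base DN of ou=Sales,o=Example Corp,c=US makes bob in ou=Engineering invisible), and present "not found", "ambiguous" and "wrong password" to the user as one identical failure.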

532

ZyWALL USG 1000 User’s Guide