Panasonic NN46110-600 User Manual

Chapter 2 Configuring servers

General filter specification syntax:

If no filter is specified, the resultant search is (uid=username).

If a filter string is specified, the search is (&(uid=username)filterstring).

For example, a filter value of (|(ou=engineering)(ou=finance)) creates a search that specifies UID=username and (ou=engineering or ou=finance):

(&(uid=username)(|(ou=engineering)(ou=finance))).

Certificate LDAP query syntax is (&(SubDn=<subject DN from cert>)(CAAttribute=<issuer DN from cert>)myFilter) or (&(SubAltName=<subject alt name from cert>)(CAAttribute=<issuer DN from cert>)myFilter).

To determine the SubjectDN or Altname, check to see if the UID of the session is the same as the subject DN of the certificate.
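The composition rules above for the user and certificate queries, as an added Python example that is not taken from the manual or from the VPN Router. The function names are hypothetical, and the RFC 4515 value escaping and the check on the configured filter string are assumptions about a careful implementation, not documented router behavior.

```python
# Added example: builds the searches described above. Not the router's code.
# Assumption: values are escaped per RFC 4515 before being placed in a filter.

_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_value(value: str) -> str:
    """Escape characters that have structural meaning inside an LDAP filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def check_filter(filterstring: str) -> None:
    """Accept only one balanced, parenthesised expression as the configured filter.

    In a valid filter every literal parenthesis is structural (parentheses in
    values appear as \\28 and \\29), so a simple depth count is sufficient.
    """
    depth = 0
    for i, ch in enumerate(filterstring):
        depth += (ch == "(") - (ch == ")")
        if depth == 0 and i != len(filterstring) - 1:
            raise ValueError("filter must be a single parenthesised expression")
    if depth != 0:
        raise ValueError("unbalanced parentheses in filter")


def _combine(assertions: str, filterstring: str) -> str:
    """AND the fixed assertions with the optional configured filter."""
    if filterstring:
        check_filter(filterstring)
    return f"(&{assertions}{filterstring})"


def user_search(username: str, filterstring: str = "") -> str:
    """(uid=username) with no filter, else (&(uid=username)filterstring)."""
    base = f"(uid={escape_value(username)})"
    return _combine(base, filterstring) if filterstring else base


def cert_search(subject_dn: str, issuer_dn: str, my_filter: str = "") -> str:
    """(&(SubDn=...)(CAAttribute=...)myFilter), attribute names as on the page."""
    base = (f"(SubDn={escape_value(subject_dn)})"
            f"(CAAttribute={escape_value(issuer_dn)})")
    return _combine(base, my_filter)


if __name__ == "__main__":
    # Constructed sample inputs.
    print(user_search("jdoe", "(|(ou=engineering)(ou=finance))"))
    print(user_search("j*doe(1)"))
    print(cert_search("cn=J Doe,o=Example", "cn=CA,o=Example", "(ou=engineering)"))
```

A configured filter such as (ou=engineering)(ou=finance), which lacks an enclosing operator, is rejected by check_filter instead of being spliced into the search.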

To configure LDAP proxy server authentication:

1. Select Servers > LDAP Proxy and click Enable Access to LDAP Proxy Server.

   a. In the Remove Suffix from User ID field, select to remove the fully qualified ID suffix from the UID before sending it to the LDAP server.

   b. Specify the character that separates the suffix from the UID as the delimiter value.

   c. In the LDAP Proxy Server Users Obtain Default Settings from the Group field, select the default group to which users are assigned.

   d. Enter a number in the Response Timeout Interval dialog box.

2. Under LDAP Proxy Servers, enter a base distinguished name (DN) for the server. This is usually in the form ou=organizational unit, o=organization, c=country.

   a. For the remote LDAP server, enter the Master, Slave 1, and Slave 2 LDAP server host names or IP addresses. If the master server becomes unavailable, the VPN Router attempts to initiate a connection with the slave servers.
