Adding the ldap authentication method – Nortel Networks 5500 series User Manual

Page 188


Configuring authentication

Adding the LDAP authentication method

The command to create the authentication ID launches a wizard. When
prompted, enter the following information. For more information about the
parameters, see searchbase <DN>. You can later modify all settings for
the specific LDAP configuration (see “Configuring authentication methods”
(page 177) and “Modifying LDAP configuration settings” (page 189)).

authentication type—options are radius|ldap|local. Enter ldap.

authentication method name (auth name)—a string that specifies a
name for the method. After you have defined a name for the method,
you can use either the method name or the auth ID to access
the Authentication menu. In future releases of the Nortel SNAS
software, you will be able to reference this string in a client filter, so
that authentication to the server in question becomes a condition for
access rights for a group.

IP address of the LDAP server.

port on which the LDAP server is listening—the port number configured
on the LDAP server to specify the port used by the service. The default
is 389.

search base entry—the Distinguished Name (DN) that points to one
of the following:

the entry that is one level up from the user entries (does not require
isdBindDN and isdBindPassword)

if user entries are located in several places in the LDAP Dictionary
Information Tree (DIT), the position in the DIT from where all user
records can be found with a subtree search (requires isdBindDN
and isdBindPassword)

group attribute name—the LDAP attribute that contains the names of
the groups. You can specify more than one group attribute name.

user attribute name—refers to one of the following:

the LDAP attribute that contains the user name (does not require
isdBindDN and isdBindPassword)

the LDAP attribute that is used in combination with the user’s login
name to search the DIT (requires isdBindDN and isdBindPassword)

isdBindDN—used to authenticate the Nortel SNAS to the LDAP server,
so that the LDAP DIT can be searched. The isdBindDN corresponds
to an entry created in the Schema Admins account (for example,
cn=ldap ldap, cn=Users, dc=example, dc=com). An account
must be created on the LDAP server to enable the Nortel SNAS to do
the bind search in the directory structure.
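
The two lookup modes implied by the search base, user attribute and isdBindDN settings above, as an added example that is not Nortel SNAS code. The class and function names are hypothetical, and the direct-bind DN composition and the RFC 4514/4515 escaping (which keeps special characters in a login name from changing the DN or filter) are assumptions about a typical LDAP client, not documented SNAS behavior.

```python
# Added illustration, not Nortel SNAS code; field names mirror the wizard prompts.
from dataclasses import dataclass
from typing import Optional

def escape_dn_value(value: str) -> str:
    """Escape a login name for use as an attribute value inside a DN (RFC 4514)."""
    out, last = [], len(value) - 1
    for i, c in enumerate(value):
        if c == "\x00":
            out.append("\\00")
        elif c in '"+,;<>\\' or (i == 0 and c in "# ") or (i == last and c == " "):
            out.append("\\" + c)
        else:
            out.append(c)
    return "".join(out)

def escape_filter_value(value: str) -> str:
    """Escape a login name for use inside a search filter (RFC 4515)."""
    table = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\x00": "\\00"}
    return "".join(table.get(c, c) for c in value)

@dataclass
class LdapAuthConfig:
    search_base: str
    user_attribute: str
    bind_dn: Optional[str] = None        # isdBindDN
    bind_password: Optional[str] = None  # isdBindPassword

def plan_lookup(cfg: LdapAuthConfig, login: str) -> dict:
    """Describe the LDAP operations one login would need under this configuration."""
    if bool(cfg.bind_dn) != bool(cfg.bind_password):
        raise ValueError("isdBindDN and isdBindPassword must be set together")
    if cfg.bind_dn:
        # User entries spread across the DIT: service bind, subtree search, then user bind.
        return {"mode": "search-then-bind", "service_bind_dn": cfg.bind_dn,
                "base": cfg.search_base, "scope": "subtree",
                "filter": f"({cfg.user_attribute}={escape_filter_value(login)})"}
    # Search base is one level above the user entries: the user DN is composed directly.
    return {"mode": "direct-bind",
            "user_dn": f"{cfg.user_attribute}={escape_dn_value(login)},{cfg.search_base}"}

# Constructed sample configurations (example.com values, not from a real deployment).
DIRECT = LdapAuthConfig("cn=Users,dc=example,dc=com", "cn")
SEARCH = LdapAuthConfig("dc=example,dc=com", "uid",
                        bind_dn="cn=ldap ldap,cn=Users,dc=example,dc=com",
                        bind_password="placeholder-secret")

if __name__ == "__main__":
    print(plan_lookup(DIRECT, "smith, j"))
    print(plan_lookup(SEARCH, "j*smith (ops)"))
```
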

Nortel Secure Network Access Switch
Using the Command Line Interface
NN47230-100 03.01 Standard
28 July 2008

Copyright © 2007, 2008 Nortel Networks
