Managing LDAP authentication servers – Nortel Networks 5500 series User Manual

Page 193

Configuring authentication

Table 37
Configuring LDAP settings (cont’d.)

/cfg/domain #/aaa/auth #/ldap

followed by:

enashortgr

Enables the short group format.

Configures the NVG to extract the first part of
a returned Distinguished Name (DN) as the
group name to be used. This makes it easier
to configure the group name in the VPN than
configuring the entire DN string as the group name.

groupsearc

the LDAP Group Search menu.

adv

the Advanced LDAP menu.

Managing LDAP authentication servers

You can configure additional LDAP servers for the domain, for
redundancy. You can have a maximum of three LDAP authentication
servers in the configuration. You can control the order in which the LDAP
servers respond to authentication requests.

If there is more than one LDAP server configured for the Nortel SNAS
domain, the first accessible LDAP server in the list returns a reply to
the query. This stops the query, regardless of whether or not the client’s
credentials were matched. If you add more than one LDAP server to the
domain, for redundancy, ensure that each listed LDAP server contains the
same SSL domain client database.

If the Nortel SNAS clients are dispersed in different LDAP server
databases, you can configure the LDAP servers as separate authentication
methods, with different authentication IDs. If you include all LDAP
authentication IDs in the authentication order, each LDAP server will be
used to authenticate client groups.

To enable LDAP authentication, ensure that the authentication ID that
represents the LDAP configuration is included in the authentication
order you have specified for the Nortel SNAS domain (see “Specifying
authentication fallback order” (page 209)).
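The lookup rules in the three paragraphs above, modeled as an added Python example (not Nortel SNAS code and not taken from this manual). Server names, users and passwords are constructed, and the fallback behaviour in `authenticate` (try each authentication ID in order until one accepts) is an assumption.

```python
# Added illustration of the lookup behaviour described above; not Nortel code.
# All server names, users and passwords are constructed sample data.

class LdapServer:
    def __init__(self, name, users, reachable=True):
        self.name = name
        self.users = users            # {username: password}
        self.reachable = reachable

    def bind(self, user, password):
        return self.users.get(user) == password


def query_method(servers, user, password):
    """One authentication ID with its servers listed for redundancy.

    The first accessible server answers and the query stops there,
    whether or not the credentials matched.
    Returns (name of answering server or None, accepted).
    """
    if len(servers) > 3:
        raise ValueError("maximum of three LDAP authentication servers")
    for server in servers:
        if server.reachable:
            return server.name, server.bind(user, password)
    return None, False


def authenticate(auth_order, user, password):
    """Assumed fallback: try each authentication ID until one accepts."""
    for servers in auth_order:
        name, accepted = query_method(servers, user, password)
        if accepted:
            return name
    return None


def demo():
    hq = LdapServer("ldap-hq", {"alice": "pw-a"})
    branch = LdapServer("ldap-branch", {"bob": "pw-b"})
    results = {}
    # Different databases listed as redundant servers: bob is rejected by hq.
    results["redundant"] = authenticate([[hq, branch]], "bob", "pw-b")
    # Same servers as separate authentication IDs in the fallback order.
    results["separate"] = authenticate([[hq], [branch]], "bob", "pw-b")
    # Redundant list with hq down: the branch database now decides.
    hq.reachable = False
    results["failover"] = authenticate([[hq, branch]], "bob", "pw-b")
    return results
```

The "redundant" and "failover" results differ for the same credentials, which is why servers listed for redundancy must hold the same client database: otherwise the outcome of a login depends on which server happens to be reachable.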

To manage the LDAP servers used for client authentication in the domain,
use the following command:

/cfg/domain #/aaa/auth #/ldap/servers

The LDAP servers menu appears.

Nortel Secure Network Access Switch
Using the Command Line Interface
NN47230-100 03.01 Standard
28 July 2008
Copyright © 2007, 2008 Nortel Networks.
