Ad group settings – Raritan Computer CCA-0N-V5.1-E User Manual
Page 211
Chapter 12: Remote Authentication
193
5. Type a user's attributes in the Filter field so the search query will be
restricted to only those entries that meet this criterion. The default
filter is objectclass=user, which means that only entries of the type
user are searched.
6. Specify the way in which the search query will be performed for the
user entry.
Select the Use Bind checkbox if the user logging in from the
applet has permissions to perform search queries in the AD
server. If a username pattern is specified in Bind username
pattern, the pattern will be merged with the username supplied in
the applet and the merged username will be used to connect to
the AD server.
Example: If you specify cn={0},cn=Users,dc=raritan,dc=com and
TestUser has been supplied in the applet, then CC-SG uses
cn=TestUser,cn-Users,dc=raritan,dc=com to connect to the AD
server.
Select the Use Bind After Search checkbox to use the username
and password you specified in the General tab to connect to the
AD server. The entry is searched in the specified Base DN and is
found if it meets the specified filtering criterion and if the attribute
“samAccountName” is equal to the username entered in the
applet. Then, a second connection is attempted using the
username and password supplied in the applet. This second
bind assures that the user provided the correct password.
7. Click Next to proceed. The Groups tab opens.
AD Group Settings
In the Groups tab, you can specify the exact location from which you
want to import AD user groups.
Important: You must specify Group settings before you can import
groups from AD.
1. Click the Groups tab.
2. Specify a Base DN (directory level/entry) under which the groups,
containing the user to be authorized, will be searched.
Example
Description
dc=raritan,dc=com
The search query for the user
in the group will be made
over the whole directory
structure.
cn=Administrators,cn=Users,dc=raritan,dc=c
om
The search query for the user
in the group will be performed
only in the Administrators
sub-directory (entry).