Ldap database servers – Panasonic NN46110-600 User Manual

Chapter 2 Configuring servers
All authentication options have the following:
• Diffie-Hellman key exchange (ISAKMP/Oakley Aggressive Mode) to build the security association (SA).
• User name and the password are never transmitted in the clear; a cryptographic hash function (SHA-1) is used to protect the user’s identity.
• Mutual authentication between the client and the VPN Router using a keyed hash algorithm (HMAC).
• Protection against authentication replay attacks through the use of session cookies.
LDAP database servers
LDAP is a standard protocol for Internet directory services based on directory
entries. A directory service is a central repository of user information, such as
groups, users, filters, and services.
An entry is a collection of attributes with a distinguished name (DN), which refers
to the entry unambiguously. Each entry attribute has a type and one or more
values. Types are typically mnemonic strings; for example, cn represents common
name and mail represents e-mail address. The values depend on the attribute type.
For example, a mail attribute value might resemble [email protected].
LDAP directory entries are arranged in a hierarchical tree-like structure that
reflects political, geographic, and organizational boundaries. Country entries
appear at the top of the tree. The next entries represent states or national
organizations. The third-branch entries represent people, organizations, servers,
files, or any other readable database entry. You can use LDAP to read, search, add,
and remove information from the centralized database.
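The entry and tree structure described above, as an added example that is not part of the Nortel manual: a small Python parser that reads one constructed LDIF entry into its DN and multi-valued attributes, then lists the DN components from the top of the tree down to the entry. The sample entry, its names, and the function names are assumptions made for illustration.

```python
# Constructed sample entry in LDIF form (RFC 2849); not taken from the manual.
SAMPLE_LDIF = """\
dn: cn=Jane Doe\\, Jr.,ou=Engineering,o=Example Corp,st=Ontario,c=CA
objectClass: person
objectClass: inetOrgPerson
cn: Jane Doe, Jr.
mail: jane.doe@example.com
mail: jdoe@
 example.com
"""

def parse_entry(ldif):
    """Return (dn, attrs) for one entry; attrs maps type -> list of values."""
    lines = []
    for raw in ldif.splitlines():
        if raw.startswith(" ") and lines:      # folded continuation line
            lines[-1] += raw[1:]
        elif raw and not raw.startswith("#"):  # skip blank and comment lines
            lines.append(raw)
    dn, attrs = None, {}
    for line in lines:
        atype, sep, value = line.partition(":")
        if not sep or value.startswith(":"):   # base64 ("::") values not handled here
            raise ValueError(f"unsupported line: {line!r}")
        if atype.lower() == "dn":
            dn = value.strip()
        else:                                  # types are case-insensitive
            attrs.setdefault(atype.lower(), []).append(value.strip())
    if dn is None:
        raise ValueError("entry has no dn")
    return dn, attrs

def split_dn(dn):
    """Split a DN into RDNs, leaf first, honouring backslash-escaped commas."""
    rdns, cur, i = [], "", 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):  # escaped char stays in its RDN
            cur, i = cur + dn[i:i + 2], i + 2
        elif dn[i] == ",":                     # unescaped comma ends the RDN
            rdns, cur, i = rdns + [cur.lstrip()], "", i + 1
        else:
            cur, i = cur + dn[i], i + 1
    return rdns + [cur.lstrip()]

def tree_path(dn):
    """RDNs ordered from the top of the tree (country) down to the entry."""
    return split_dn(dn)[::-1]
```

The escaped comma in the sample common name shows why a DN cannot be split with a plain string split: doing so would produce a spurious extra tree level.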
Note: Nortel recommends that you back up your LDAP servers before
you make any changes so that you have a valid copy if the file becomes
corrupted.