Raritan Computer SX32 用户手册
C
HAPTER
7:
A
UTHENTICATION AND
A
UTHORIZATION
75
Chapter 7: Authentication and Authorization
If you selected LDAP as your remote authentication protocol, use the steps in the following section,
Implementing LDAP Remote Authentication, to complete fields in the LDAP tab.
1. Before starting the configuration of the LDAP authentication section in the Dominion SX
Implementing LDAP Remote Authentication, to complete fields in the LDAP tab.
1. Before starting the configuration of the LDAP authentication section in the Dominion SX
configuration, please gather all information for the required fields from the administrator of the
directory server.
directory server.
2. Log on as a user with Admin privileges. Click on the Configuration tab, and then select the LDAP tab.
3. Enter the IP Address of your primary and secondary remote authentication servers in the Primary
3. Enter the IP Address of your primary and secondary remote authentication servers in the Primary
Server IP Address and Secondary Server IP Address fields.
4. Enter the server secret/password needed to authenticate against your remote authentication servers in
the Secret Phrases field. Re-type the server secret in the Confirm Secret Phrase field.
5. When finished, click Update and then click Save to save the changes made to the LDAP tab.
Implementing LDAP Remote Authentication
Important: Microsoft Active Directory functions natively as an LDAP authentication server.
If you choose LDAP authentication protocol, complete the LDAP fields as follows:
•
Use Secure LDAP – Apply this rule to enable LDAP(S), which ensures that all authentication requests
and replies transmitted over the network are encrypted. Generally, LDAP uses TCP port 389, and
LDAP(S) uses TCP port 636.
LDAP(S) uses TCP port 636.
•
Secret – This is the root password to access the directory server/manager. The name for this field
depends on the Directory Server. The SUN iPlanet directory server uses Secret. Microsoft Windows
Active Directory refers to it as the password.
Active Directory refers to it as the password.
•
Base DN – This is the 'root' point to bind to the server; this is same as Directory Manager DN (e.g.,
BaseDn: cn=Directory Manager)
•
Base Search – This is the sub-tree of the Base DN to direct the search to the path of the user
information such as UID and speed up search time. In other words, it is the domain name; this is where
the search starts for the user name. The user name is created in this domain. (e.g., BaseSearch:
dc=raritan, dc=com).
the search starts for the user name. The user name is created in this domain. (e.g., BaseSearch:
dc=raritan, dc=com).
•
Authorization Query String – This can be any string. But, the same string needs to be added as an
attribute under BaseSearch domain. For example, if the authorization query string is DominionSX,
then an attribute named DominionSX needs to be added under the given domain specified by
BaseSearch field. The values for this attribute are similar to as mentioned for RADIUS in Appendix C
of the Dominion SX user manual.
then an attribute named DominionSX needs to be added under the given domain specified by
BaseSearch field. The values for this attribute are similar to as mentioned for RADIUS in Appendix C
of the Dominion SX user manual.
For example:
o:* gives access to all ports and the user type is Operator.
o:1:2:3 gives access to ports 1,2,3 and user type is Operator
ob:* is for Observer
a:* is for Administrator
Consult your authentication server administrator for the appropriate values to type into these fields in
order to process LDAP authentication queries from Dominion SX.
order to process LDAP authentication queries from Dominion SX.
If you have any questions at this point, please contact your LDAP server administrator or Raritan
Customer Support.