Configuring an LDAP User

This section describes how to configure an LDAP user.

Configuring an LDAP Server

Before you can create an LDAP user, you need to configure an LDAP server, which is used to import LDAP users and perform authentication. To configure an LDAP server, take the following steps:

  1. Select Objects > LDAP User from the menu bar.
  2. In the LDAP User dialog, configure basic options for the LDAP server in the LDAP Server Configuration section.
    • Server name: Specifies a name for the LDAP server.
    • Server address: Specifies an IP address or domain name for the LDAP server.
    • Port: Specifies a port number for the LDAP server. The value range is 1 to 65535. The default value is 389.
    • Login-dn: Specifies the Login-dn used for authentication (typically a user account with query privilege pre-defined by the LDAP server).
    • Base-dn: Specifies a Base-dn for the LDAP server. Base-dn is the starting point at which the search begins when the LDAP server receives an authentication request.
    • Password: Specifies a password for the LDAP server. This should correspond to the password for Admin DN.
    • Confirm password: Enter the password again to confirm.
  3. Click More Configuration... to configure advanced options for the LDAP server.
    • Role mapping rule: Specifies a role mapping rule for the AAA server. With this option selected, the system assigns a role to users who have been authenticated by the server, according to the specified role mapping rule.
    • Backup server 1: Specifies an IP address or domain name for Backup server 1.
    • Backup server 2: Specifies an IP address or domain name for Backup server 2.
    • Authentication mode: Specifies an authentication mode (either plain text or MD5). The default mode is MD5.
    • Naming attribute: Specifies a naming attribute for the LDAP server. The default naming attribute is uid.
    • Member attribute: Specifies a member attribute for the LDAP server. The default member attribute is "uniqueMember".
    • Group class: Specifies a group class for the LDAP server. The default class is "groupofuniquenames".
  4. Click OK to save your settings.
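
The following added example (not part of the original page or the vendor's code) models the options above and shows how the naming attribute, member attribute and group class would typically combine into LDAP search filters, with RFC 4515 escaping applied to the login name. The class and function names are hypothetical, the way the device builds its filters is an assumption, and the sample values are constructed.

```python
import re
from dataclasses import dataclass

# RFC 4515: these characters must be written as \XX inside a filter value.
_SPECIALS = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}

def escape_filter_value(value):
    return "".join(_SPECIALS.get(ch, ch) for ch in value)

@dataclass
class LdapServerSettings:                     # hypothetical model of the dialog
    server_address: str
    base_dn: str                              # where the search starts
    login_dn: str                             # query account used for the bind
    port: int = 389                           # page default
    auth_mode: str = "md5"                    # page default; other mode: "plain"
    naming_attribute: str = "uid"
    member_attribute: str = "uniqueMember"
    group_class: str = "groupofuniquenames"

    def problems(self):
        found = []
        if not 1 <= self.port <= 65535:
            found.append("port outside 1-65535")
        if self.auth_mode not in ("plain", "md5"):
            found.append("unknown authentication mode")
        elif self.auth_mode == "plain":
            # Assumes no TLS around the connection; the page does not mention any.
            found.append("plain-text mode exposes the password on the wire")
        for name in (self.naming_attribute, self.member_attribute, self.group_class):
            if not re.fullmatch(r"[A-Za-z][A-Za-z0-9-]*", name):
                found.append(f"invalid attribute or class name: {name!r}")
        return found

    def user_filter(self, login_name):
        # Searched under base_dn; escaping keeps the login name a literal value.
        return f"({self.naming_attribute}={escape_filter_value(login_name)})"

    def group_filter(self, user_dn):
        return (f"(&(objectClass={self.group_class})"
                f"({self.member_attribute}={escape_filter_value(user_dn)}))")

# Constructed sample values, not taken from the page.
SAMPLE = LdapServerSettings("ldap.example.com", "dc=example,dc=com",
                            "cn=query,dc=example,dc=com")

if __name__ == "__main__":
    print(SAMPLE.problems(), SAMPLE.user_filter("j.smith (ops)*"))
```
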

Tip: For detailed information about IP/MAC Binding, Import and Export in the LDAP User dialog, see Configuring a User Binding.

Editing an LDAP Server

To edit an LDAP server, take the following steps:

  1. Select Objects > LDAP User from the menu bar.
  2. In the LDAP User dialog, select an LDAP server from the LDAP Server drop-down list, and click Edit. In the Edit LDAP Server dialog, modify the settings as needed.

Synchronizing Users

You can synchronize users from an LDAP server to the security device. To synchronize users, take the following steps:

  1. Select Objects > LDAP User from the menu bar.
  2. In the LDAP User dialog, select a server from the LDAP Server drop-down list, and click Sync Users.