Chapter 4: Web Interface Operations 47
Configuring LDAP
LDAP is a vendor-independent protocol standard used for accessing, querying and updating a
directory using TCP/IP. Based on the X.500 Directory Services model, LDAP is a global directory
structure that supports strong security features including authentication, privacy and integrity.
If individual user accounts are stored on an LDAP-
enabled directory service, such as Active
Directory, you can use the directory service to authenticate users. The default values given for the
LDAP search and query parameters are defined for use with Active Directory.
The settings made in the OBWI let you configure your authentication configuration parameters.
The so
ftware sends the username, password and other information to the appliance, which then
determines whether the user has permission to view or change configuration parameters for the
appliance in the OBWI.
NOTE: Unless otherwise specified, the LDAP default values should be used unless Active Directory has been
reconfigured. Modifying the default values may cause LDAP authentication server communication errors.
LDAP Overview parameters
On the LDAP Overview page in the OBWI, you can configure the LDAP authentication priority
and the parameters that define LDAP server connection information.
LDAP authentication priority
In the LDAP Priority section of the LDAP Overvi
ew page, you can disable LDAP, or you can set
the authentication priority by choosing whether local authentication or LDAP authentication should
happen first.
To configure LDAP authentication priority parameters:
1. Select Appl
iance - Appliance Settings - User Accounts - LDAP Accounts - Overview.
2. Select either LD
AP Disabled, LDAP before Local or LDAP after Local for the LDAP Priority.
3. Click Save.
L
DAP servers
The Address fields specify the host names or IP addr
esses of the primary and secondary LDAP
servers. The second LDAP server is optional.
The Port fields specify the User Datagram Protocol
(UDP) port numbers that communicate with the
LDAP servers. The default value is 389 for non-secure LDAP and 636 for secure LDAP (LDAPS).
The default Port ID is automatically entered by the software when an access type is specified.
The Access Type radio buttons specify how a query is sent to each LDAP target device. When
us
ing LDAP, all usernames, passwords and other information sent between an appliance and LDAP
server are sent as non-secure clear text. Use LDAPS for secure encrypted communication between
an appliance and LDAP server.