IBM Remote Supervisor Adapter II Network Card User Manual


 
Service Name
The DNS SRV request that is sent to the DNS server must also specify a
service name. The configured value is used. If this field is left blank, the
default value is ldap. The DNS SRV request must also specify a protocol
name. The default is tcp and is not configurable.
- To use a preconfigured LDAP server, select Use Pre-Configured LDAP
  Server.
Note: The port number for each server is optional. If the field is left blank,
the default value of 389 is used for nonsecured LDAP connections.
For secured connections, the default is 636. You must configure at
least one LDAP server.
You can configure the following parameters:
Root DN
This is the distinguished name (DN) for the root entry of the directory tree
on the LDAP server (for example, dc=mycompany,dc=com). This DN is
used as the base object for all searches.
Group Filter
This field is used for group authentication. Group authentication is
attempted after the user’s credentials are successfully verified. If group
authentication fails, the user’s attempt to log on is denied. When the group
filter is configured, it is used to specify to which groups this Service
Processor belongs. This means that the user must belong to at least one
of the groups that are configured for group authentication to succeed. If
the Group Filter field is left blank, group authentication automatically
succeeds. If the group filter is configured, an attempt is made to match at
least one group in the list to a group to which the user belongs. If there is
no match, the user fails authentication and is denied access. If there is at
least one match, group authentication is successful. The comparisons are
case sensitive.
The filter is limited to 511 characters and can consist of one or more
group names. The colon (:) character must be used to delimit multiple
group names. Leading and trailing spaces are ignored, but any other
space is treated as part of the group name. A selection to allow or not
allow the use of wildcards in the group name is provided. The filter can be
a specific group name (for example, RSAWest), a wildcard (*) that
matches everything, or a wildcard with a prefix (for example, RSA*). The
default filter is RSA*. If security policies in your installation prohibit the use
of wildcards, you can choose to not allow the use of wildcards; the
wildcard character (*) is then treated as a normal character.
A group name can be specified as a full DN or using only the cn portion.
For example, a group with a DN of
cn=adminGroup,dc=mycompany,dc=com can be specified using the actual
DN or with adminGroup.
For Active Directory environments only, nested group membership is
supported. For example, if a user is a member of GroupA and GroupB,
and GroupA is a member of GroupC, the user is said to be a member of
GroupC also. Nested searches stop if 128 groups have been searched.
Groups in one level are searched before groups in a lower level. Loops
are not detected.
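The Group Filter rules above, modeled as an added example (not IBM firmware code; the function names are hypothetical) so that a filter can be checked before it is configured. It assumes spaces are trimmed per group name, that only a trailing * acts as a wildcard, and that group DNs contain no escaped commas.

```python
# Model of the Group Filter rules in the manual text above.
# Added example: not IBM firmware code; function names are hypothetical.
MAX_FILTER_LEN = 511  # documented filter length limit

def parse_filter(raw):
    """Split a colon-delimited filter into group-name patterns."""
    if len(raw) > MAX_FILTER_LEN:
        raise ValueError("filter exceeds 511 characters")
    # Assumption: leading/trailing spaces are trimmed per name; inner spaces kept.
    return [name.strip(" ") for name in raw.split(":") if name.strip(" ")]

def pattern_matches(pattern, group_dn, allow_wildcards):
    """Case-sensitive match against the full DN or its cn portion."""
    candidates = {group_dn}
    first_rdn = group_dn.split(",", 1)[0]  # simplification: no escaped commas
    if first_rdn.startswith("cn="):
        candidates.add(first_rdn[3:])
    # Only the documented forms "*" and "prefix*" are wildcards (assumption:
    # a "*" anywhere else is literal). With wildcards disallowed, "*" is literal.
    if allow_wildcards and pattern.endswith("*"):
        return any(c.startswith(pattern[:-1]) for c in candidates)
    return pattern in candidates

def group_auth(raw_filter, user_group_dns, allow_wildcards=True):
    """Return True if group authentication would succeed under this model."""
    patterns = parse_filter(raw_filter)
    if not patterns:
        return True  # blank filter: group authentication automatically succeeds
    return any(pattern_matches(p, g, allow_wildcards)
               for p in patterns for g in user_group_dns)

def audit_filter(raw_filter, allow_wildcards=True):
    """List filter entries that admit more groups than a single exact name."""
    patterns = parse_filter(raw_filter)
    if not patterns:
        return ["blank filter: no group restriction is applied"]
    findings = []
    for p in patterns:
        if allow_wildcards and p == "*":
            findings.append("'*': matches every group")
        elif allow_wildcards and p.endswith("*"):
            findings.append(f"{p!r}: matches any group name starting with {p[:-1]!r}")
    return findings

if __name__ == "__main__":
    user_groups = ["cn=RSAWest,dc=mycompany,dc=com"]  # constructed sample
    print(group_auth("RSA*", user_groups), audit_filter("RSA*"))
```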
48 Remote Supervisor Adapter II SlimLine and Remote Supervisor Adapter II: User’s Guide