RSA Security 6.1 Server User Manual


 
88 Using the LDAP Configuration Interface September 2005
Figure 29 LDAP Schema (Slide 4 of 4)
While the LDAP virtual schema diagram shows as much of the detail of the
LDAP virtual schema as possible, the following rules and limitations should be
considered.
• Bind request – All attempts to perform operations on the virtual schema
must be preceded by an LDAP Bind request that authenticates the
administrator to the RSA RADIUS Server. The Bind request must reference
an RSA RADIUS Server administrative account and must provide the
password that authenticates that account. This translates into the following
command line options for each invocation of the LDAP utilities:
    -D "cn=username,o=radius" -w { passcode | cachedPW }
where username is the user account name, passcode is the RSA passcode
associated with the user, and cachedPW is the user’s cached password.
• Uppercase and lowercase – The uppercase/lowercase rules for object
names are the same as in the RSA RADIUS Administrator application;
almost all object names are stored in the database in uppercase format.
• Attributes – The LDAP virtual schema diagram does not explicitly list all the
dictionary attributes that are available in the latest version of
RSA RADIUS Server. Two rules apply when entering dictionary attributes: the
attribute name must match the name found in the dictionary, and the syntax
type determines what is allowed for the attribute's value.
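The Bind options from the first rule, built programmatically, as an added example that is not part of the RSA manual: the account name is escaped per RFC 4514 before it is placed in cn=...,o=radius, so a name containing a comma or another DN-special character cannot change the bind DN. The function names and sample values are constructed for illustration; only -D, -w and o=radius come from the manual, and the case of the name is left as supplied.

```python
"""Build the -D / -w bind options for an LDAP utility call (added example)."""

# Characters RFC 4514 requires to be backslash-escaped anywhere in a value.
_SPECIAL = set('"+,;<>\\')


def escape_rdn_value(value):
    """Escape one attribute value for use inside a distinguished name."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch == "\x00":
            out.append("\\00")          # NUL is always hex-escaped
        elif ch in _SPECIAL:
            out.append("\\" + ch)
        elif i == 0 and ch in "# ":
            out.append("\\" + ch)       # leading '#' or space
        elif i == last and ch == " ":
            out.append("\\ ")           # trailing space
        else:
            out.append(ch)
    return "".join(out)


def bind_options(username, secret):
    """Return ['-D', 'cn=<username>,o=radius', '-w', <secret>]."""
    if not username or not secret:
        # The manual requires an account name and its passcode or cached
        # password on every Bind, so refuse to build an incomplete one.
        raise ValueError("username and passcode/cached password are required")
    return ["-D", "cn=%s,o=radius" % escape_rdn_value(username), "-w", secret]


def command(utility, username, secret, *rest):
    """argv list for subprocess.run(); no shell parses it, so no quoting.

    'utility' is whichever LDAP utility is being invoked (hypothetical
    parameter). The -w value may be visible in local process listings
    while the utility runs.
    """
    return [utility] + bind_options(username, secret) + list(rest)


if __name__ == "__main__":
    # Constructed sample values, not real accounts or secrets.
    print(command("ldap-utility", "SMITH, JOHN", "constructed-secret"))
```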
Entries and attributes shown in Figure 29:

    nasname=<nas-name>
    radiusstatus=acct_stats_by_nas

    nasipaddr=<nas-ip-addr>
    radiusstatus=acct_stats_by_nasipaddr

    cn=<monitor>

    AvailableAttributes:
        dn <string>
        version <string>
        threads <number>
        connection <string>
        currentconnections <number>
        totalconnections <number>
        dtablesize <number>
        writewaiters <number>
        readwaiters <number>
        opsinitiated <number>
        opscompleted <number>
        entriessent <number>
        bytessent <number>
        currenttime <time>
        starttime <time>
        nbackends <number>

    AvailableAttributes:
        nasname <name>
        nasipaddr <name>
        start <number>
        stop <number>
        interim <number>
        on <number>
        off <number>
        invalid-shared-secret <number>