Support User Manuals

Western Telematic AFS-16-1 Switch User Manual

Open as PDF

of 135

5-35

Basic Configuration

5.9.8. LDAP Parameters

The AFS-16 supports LDAP (Lightweight Directory Access Protocol,) which allows

authentication via the "Active Directory" network Directory Service. When LDAP is

enabled and properly configured, command access rights can be granted to new users

without the need to define individual new accounts at each AFS-16 unit, and existing

users can also be removed without the need to delete the account from each

AFS-16 unit. This type of authentication also allows administrators to assign users

to LDAP groups, and then specify which circuits the members of each group will be

allowed to control at each AFS-16 unit.

In order to apply the LDAP feature, you must first define User Names and associated

Passwords and group membership via your LDAP server, and then access the AFS-16

command mode to enable and configure the LDAP settings and define port access

rights and command access rights for each group that you have specified at the LDAP

server. Note that in order to access the LDAP Parameters menu, you must login to AFS-

16 command mode using a password that permits Administrator level commands.

Notes:

• CircuitaccessrightsarenotdefinedattheLDAPserver.Theyaredefinedvia

theLDAPGroupconfigurationmenuoneachAFS-16unitandarespecificto

thatAFS-16unitalone.

• WhenLDAPisenabledandproperlyconfigured,LDAPauthenticationwill

supersedeanypasswordsandaccessrightsthathavebeendefinedviathe

AFS-16userdirectory.

• IfnoLDAPgroupsaredefinedonagivenAFS-16unit,thenaccessrightswill

bedeterminedasspecifiedbythe"default"LDAPgroup.

• The"default"LDAPgroupcannotbedeleted.

The LDAP Parameters Menu allows the following parameters to be defined:

• Enable: Enables/disables LDAP authentication. (Default = Off.)

• PrimaryHost: Defines the IP address or domain name (up to 64 characters) for

the primary LDAP server. (Default = undefined.)

• SecondaryHost: Defines the IP address or domain name (up to 64 characters) for

the secondary (fallback) LDAP server. (Default = undefined.)

• LDAPPort: Defines the port that will be used to communicate with the LDAP

server. (Default = 389.)

• TLS/SSL: Enables/Disables TLS/SSL encryption. Note that when TLS/SSL

encryption is enabled, the LDAP Port should be set to 636. (Default = Off.)

• BindType: Sets the LDAP bind request password type. Note that in the Text

Interface, when the Bind Type is set to "Kerberos" LDAP, the menu will include an

additional prompt (item 14) that is used to select Kerberos parameters as described

in Section 5.9.8.5. In the Web Interface, the button which is used to access the

Kerberos Parameters menu is located at the bottom of the LDAP Parameters Menu.

(Default = Simple.)

• SearchBindDN: Selects the user name who is allowed to search the LDAP

directory. (Default = undefined.)

previous next