Basic Configuration
• SearchBindPassword: Sets the password for the user who is allowed to search
the LDAP directory. (Default = undefined.)
• UserSearchBaseDN: Sets the directory location for user searches.
(Default = undefined.)
• UserSearchFilter: Selects the attribute that lists the user name. Note that this
attribute should always end with "=%S" (no quotes.) (Default = undefined.)
• GroupMembershipAttribute: Selects the attribute that lists group
membership(s). (Default = undefined.)
• GroupMembershipValueType: (Default = DN.)
• Fallback: Enables/Disables the LDAP fallback feature. When enabled, the
AFS-16 will revert to its own internal user directory (see Section 5.5) if no defined
users are found via the LDAP server. In this case, port access rights will then be
granted as specified in the default LDAP group. (Default = Off.)
• LDAPGroupSetup: Provides access to a submenu, which is used to define LDAP
Groups as described in Sections 5.9.8.1 through 5.9.8.4.
• LDAPKerberosSetup: Provides access to the Kerberos Setup menu as described
in Section 5.9.8.5. When the Bind Type is set to "Kerberos", the Kerberos Setup
menu is used to select Kerberos parameters. In the Text Interface, the link to the
Kerberos Setup menu will not be displayed unless the Bind Type is set to Kerberos.
5.9.8.1. Adding LDAP Groups
Once you have defined several users and passwords via your LDAP server, and
assigned those users to LDAP Groups, you must then grant access rights to each LDAP
Group at each AFS-16 unit. In order to add LDAP groups, you must log in to command
mode using a password that permits access to Administrator level commands. The Add
LDAP Group menu allows the following parameters to be defined:
• GroupName: Note that this name must match the LDAP Group names that you
have assigned to users at your LDAP server. (Default = undefined.)
• AccessLevel: Sets the command access level. For more information, please refer
to Section 5.4.1. (Default = User.)
• CircuitAccess: This item is used to select the AFS-16 Circuit Modules that
members of this LDAP group will be allowed to connect. (Default = All Circuits Off.)
• CircuitGroupAccess: This item is used to determine which Circuit Groups the
members of this LDAP Group will be allowed to control. (Default = undefined.)
• ServiceAccess: This item determines how members of this LDAP Group will be
allowed to access command mode and whether or not they will be able to create
outbound Telnet connections. The Service Access parameter is used to allow
members of this LDAP group to access command mode via Serial Port, Telnet/SSH
or any combination thereof, and also enables/disables Outbound Telnet.
(Default: Serial Port = On, Telnet/SSH = On, Outbound Access = Off.)
Note: After you have defined LDAP Group parameters, make certain to save
the changes before proceeding. In the Web Browser Interface, click on the
"Add LDAP Group" button to save parameters; in the Text Interface, press the
[Esc] key several times until the "Saving Configuration" message is displayed.
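
A pre-deployment check for the settings described above, as an added example that is not part of the AFS-16 manual or firmware: it reports undefined required items, a UserSearchFilter that does not end with "=%S", GroupNames that are absent from the LDAP server's group list, and settings that differ from the documented defaults. The dict layout, the sample values and the exact, case-sensitive name match are assumptions.

```python
# Added example. Keys mirror the menu items on this page; the dict layout and
# all sample values are constructed, not a device export format.
GROUP_DEFAULTS = {"AccessLevel": "User", "Serial Port": "On",
                  "Telnet/SSH": "On", "Outbound Access": "Off"}
REQUIRED = ("SearchBindPassword", "UserSearchBaseDN",
            "UserSearchFilter", "GroupMembershipAttribute")

def audit(basic, groups, server_groups):
    """Return (scope, message) findings for one unit's LDAP settings."""
    out = [("basic", f"{k} is undefined") for k in REQUIRED if not basic.get(k)]
    flt = basic.get("UserSearchFilter")
    if flt and not flt.endswith("=%S"):
        out.append(("basic", 'UserSearchFilter does not end with "=%S"'))
    if basic.get("Fallback", "Off") != "Off":
        out.append(("basic", "Fallback is On (default Off)"))
    for g in groups:
        name = g.get("GroupName") or "<undefined>"
        # Assumption: the match against server group names is exact.
        if name not in server_groups:
            out.append((name, "GroupName not found on the LDAP server"))
        flat = {"AccessLevel": g.get("AccessLevel", "User"),
                **g.get("ServiceAccess", {})}
        for key, default in GROUP_DEFAULTS.items():
            value = flat.get(key, default)
            if value != default:
                out.append((name, f"{key} = {value} (default {default})"))
    return out

# Constructed sample input.
BASIC = {"SearchBindPassword": "placeholder-not-a-real-secret",
         "UserSearchBaseDN": "ou=people,dc=example,dc=com",
         "UserSearchFilter": "uid", "GroupMembershipAttribute": "memberOf",
         "Fallback": "On"}
GROUPS = [
    {"GroupName": "afs-operators", "AccessLevel": "User",
     "ServiceAccess": {"Serial Port": "On", "Telnet/SSH": "On",
                       "Outbound Access": "Off"}},
    {"GroupName": "afs-admin", "AccessLevel": "Administrator",
     "ServiceAccess": {"Serial Port": "On", "Telnet/SSH": "On",
                       "Outbound Access": "On"}},
]
SERVER_GROUPS = {"afs-operators", "afs-admins"}

if __name__ == "__main__":
    for scope, message in audit(BASIC, GROUPS, SERVER_GROUPS):
        print(f"[{scope}] {message}")
```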