User authentication LDAP
AnywhereUSB® Plus User Guide
353
objectClass: inetOrgPerson
cn: John Smith
sn: Smith
uid: john
ou: admin serial
LDAP server failover and fallback to local configuration
In addition to the primary LDAP server, you can also configure your AnywhereUSB Plus device to use
backup LDAP servers. Backup LDAP servers are used for authentication requests when the primary
LDAP server is unavailable.
Falling back to local authentication
With user authentication methods, you can configure your AnywhereUSB Plus device to use multiple
types of authentication. For example, you can configure both LDAP authentication and local
authentication, so that local authentication can be used as a fallback mechanism if the primary and
backup LDAP servers are unavailable. Additionally, users who are configured locally but are not
configured on the LDAP server are still able to log into the device. Authentication methods are
attempted in the order they are listed until the first successful authentication result is returned;
therefore if you want to ensure that users are authenticated first through the LDAP server, and only
authenticated locally if the LDAP server is unavailable or if the user is not defined on the LDAP server,
then you should list the LDAP authentication method prior to the Local users authentication method.
See User authentication methods for more information about authentication methods.
If the LDAP servers are unavailable and the AnywhereUSB Plus device falls back to local
authentication, only users defined locally on the device are able to log in. LDAP users cannot log in
until the LDAP servers are brought back online.
Configure your AnywhereUSB Plus device to use an LDAP server
This section describes how to configure a AnywhereUSB Plus device to use an LDAP server for
authentication and authorization.
Required configuration items
n
Define the LDAP server IP address or domain name.
n
Add LDAP as an authentication method for your AnywhereUSB Plus device.
Additional configuration items
n
Whether other user authentication methods should be used in addition to the LDAP server, or if
the LDAP server should be considered the authoritative login method.
n
The LDAP server port. It is configured to 389 by default.
n
Whether to use Transport Layer Security (TLS) when communicating with the LDAP server.
n
The distinguished name (DN) and password used to communicate with the server.
n
The distinguished name used to search to user base.
n
The group attribute.
n
The number of seconds to wait to receive a message from the server.
n
Add additional LDAP servers in case the first LDAP server is unavailable.
To Next Page
Loading...
Need help?
General