User authentication LDAP
IX20 User Guide
cn: John Smith
sn: Smith
uid: john
ou: admin serial
LDAP server failover and fallback to local configuration
In addition to the primary LDAP server, you can also configure your IX20 device to use backup LDAP
servers. Backup LDAP servers are used for authentication requests when the primary LDAP server is
unavailable.
Falling back to local authentication
With user authentication methods, you can configure your IX20 device to use multiple types of
authentication. For example, you can configure both LDAP authentication and local authentication, so
that local authentication is used as a fallback mechanism if the primary and backup LDAP servers
are unavailable. Additionally, users who are configured locally but are not configured on the LDAP
server are still able to log in to the device. Authentication methods are attempted in the order they are
listed until the first successful authentication result is returned. Therefore, if you want users to be
authenticated first through the LDAP server, and only authenticated locally if the LDAP server is
unavailable or the user is not defined on the LDAP server, list the LDAP authentication method before
the Local users authentication method. Note that the same rule means a local account is consulted
whenever LDAP does not return success, so a local account for an LDAP user remains a valid credential
on its own; remove local accounts for users who should only authenticate through LDAP.
See User authentication methods for more information about authentication methods.
If the LDAP servers are unavailable and the IX20 device falls back to local authentication, only users
defined locally on the device are able to log in. LDAP users cannot log in until the LDAP servers are
brought back online.
Configure your IX20 device to use an LDAP server
This section describes how to configure an IX20 device to use an LDAP server for authentication and
authorization.
Required configuration items
• The LDAP server IP address or domain name.
• LDAP added as an authentication method for your IX20 device.
Additional configuration items
• Whether other user authentication methods should be used in addition to the LDAP server, or
whether the LDAP server should be considered the authoritative login method.
• The LDAP server port. The default is 389.
• Whether to use Transport Layer Security (TLS) when communicating with the LDAP server.
• The distinguished name (DN) and password used to connect (bind) to the server.
• The distinguished name used as the base for user searches.
• The group attribute.
• The number of seconds to wait for a reply from the server.
• Additional (backup) LDAP servers to use if the first LDAP server is unavailable.
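The following Python model, added here as an example and not code from the IX20 firmware or from Digi, ties the failover and fallback rules above to the configuration items in this list. It applies the two rules the guide states: backup LDAP servers are consulted only when the server before them is unavailable, and authentication methods are tried in their listed order until the first success. The server names, bind DN, base DN, passwords and the directory contents are constructed sample data; the only entry carried over from the page is the `uid: john` user with groups `admin` and `serial`. Server reachability is simulated with an in-memory dictionary so the example runs offline.

```python
"""Model of the IX20's documented LDAP failover and authentication-method fallback.

Added example (not Digi's code). Servers are simulated by the `backends` map:
host -> None means unreachable/timed out, host -> dict means the server answered
with that directory. Constructed sample data throughout.
"""
from dataclasses import dataclass
from enum import Enum
from secrets import compare_digest
from typing import Callable, Dict, List, Optional, Tuple

Entry = Tuple[str, List[str]]            # (password, groups from the group attribute)
Directory = Optional[Dict[str, Entry]]   # None = server unavailable


class Result(Enum):
    SUCCESS = "success"          # credentials accepted
    FAILURE = "failure"          # user exists, wrong password
    NOT_FOUND = "not_found"      # user not defined by this method
    UNAVAILABLE = "unavailable"  # no server in the list answered


@dataclass
class LdapServer:
    """The per-server items from the configuration list (values are assumptions)."""
    host: str
    port: int = 389                  # guide: 389 by default
    use_tls: bool = True             # guide: whether to use TLS
    bind_dn: str = "cn=ix20,ou=svc,dc=example,dc=com"   # DN used to bind
    bind_password: str = "bind-secret"
    base_dn: str = "ou=people,dc=example,dc=com"        # search base for users
    group_attribute: str = "ou"      # guide's sample entry: "ou: admin serial"
    timeout_s: float = 5.0           # seconds to wait for a reply


SERVERS = [LdapServer("ldap1.example.com"), LdapServer("ldap2.example.com")]  # primary, backup
DIRECTORY: Dict[str, Entry] = {"john": ("john-ldap-pw", ["admin", "serial"])}   # constructed
LOCAL_USERS: Dict[str, Entry] = {"admin": ("local-admin-pw", ["admin"]),
                                 "john": ("john-old-pw", ["serial"])}            # stale local copy


def ldap_authenticate(servers: List[LdapServer], backends: Dict[str, Directory],
                      user: str, password: str) -> Tuple[Result, List[str]]:
    """Primary first, then backups; the first server that answers is authoritative."""
    for srv in servers:
        directory = backends.get(srv.host)
        if directory is None:
            continue                      # unavailable: try the next backup server
        entry = directory.get(user)
        if entry is None:
            return Result.NOT_FOUND, []   # a reachable server answered: stop here
        pw, groups = entry
        return (Result.SUCCESS, groups) if compare_digest(pw, password) else (Result.FAILURE, [])
    return Result.UNAVAILABLE, []


def local_authenticate(user: str, password: str) -> Tuple[Result, List[str]]:
    entry = LOCAL_USERS.get(user)
    if entry is None:
        return Result.NOT_FOUND, []
    pw, groups = entry
    return (Result.SUCCESS, groups) if compare_digest(pw, password) else (Result.FAILURE, [])


Method = Callable[[str, str], Tuple[Result, List[str]]]


def login(backends: Dict[str, Directory], user: str, password: str,
          ldap_first: bool = True) -> Tuple[bool, List[str], List[Tuple[str, Result]]]:
    """Try methods in the configured order, stopping at the first SUCCESS (the guide's rule).

    Returns (authenticated, groups, trace of each method consulted)."""
    ldap: Method = lambda u, p: ldap_authenticate(SERVERS, backends, u, p)
    chain = [("LDAP", ldap), ("Local users", local_authenticate)]
    if not ldap_first:
        chain.reverse()
    trace: List[Tuple[str, Result]] = []
    for name, method in chain:
        result, groups = method(user, password)
        trace.append((name, result))
        if result is Result.SUCCESS:
            return True, groups, trace
    return False, [], trace


if __name__ == "__main__":
    primary_down = {"ldap1.example.com": None, "ldap2.example.com": DIRECTORY}
    all_down = {"ldap1.example.com": None, "ldap2.example.com": None}
    print(login(primary_down, "john", "john-ldap-pw"))       # backup server answers
    print(login(all_down, "john", "john-ldap-pw"))           # LDAP user locked out
    print(login(all_down, "admin", "local-admin-pw"))        # local-only user still works
    print(login(primary_down, "john", "john-old-pw"))        # stale local password still accepted
```

Two results are worth reading closely. With both servers down, `john` cannot log in at all, matching the guide's statement that only locally defined users work during an outage. With a server reachable, `john` still logs in with the old local password: LDAP returns a failure, the chain continues, and the local method succeeds. Listing Local users first makes that local password win without LDAP being consulted at all, which is why the guide tells you to list LDAP first and why a local account should not be kept for a user who is meant to authenticate through LDAP.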
Web