To Next Page

To Previous Page

User authentication LDAP

IX20 User Guide

909

cn: John Smith

sn: Smith

uid: john

ou: admin serial

LDAP server failover and fallback to local configuration

In addition to the primary LDAPserver, you can also configure your IX20 device to use backup LDAP

servers. Backup LDAPservers are used for authentication requestswhen the primary LDAPserver is

unavailable.

Falling back to local authentication

With user authentication methods, you can configure your IX20 device to use multiple typesof

authentication. For example, you can configure both LDAPauthentication and local authentication, so

that local authentication can be used as a fallback mechanism if the primary and backup LDAPservers

are unavailable. Additionally, users who are configured locally but are not configured on the LDAP

server are still able to log into the device. Authentication methodsare attempted in the order they are

listed until the first successful authentication result is returned; therefore if you want to ensure that

users are authenticated first through the LDAPserver, and only authenticated locally if the LDAP

server is unavailable or if the user is not defined on the LDAPserver, then you should list the LDAP

authentication method prior to the Local users authentication method.

See User authentication methodsfor more information about authentication methods.

If the LDAPservers are unavailable and the IX20 device falls back to local authentication, only users

defined locally on the device are able to log in. LDAPusers cannot log in until the LDAPservers are

brought back online.

Configure your IX20 device to use an LDAP server

This section describeshow to configure a IX20 device to use an LDAPserver for authentication and

authorization.

Required configuration items

Define the LDAPserver IPaddress or domain name.

Add LDAPasan authentication method for your IX20 device.

Additional configuration items

Whether other user authentication methodsshould be used in addition to the LDAPserver, or if

the LDAPserver should be considered the authoritativelogin method.

The LDAPserver port. It is configured to 389 by default.

Whether to use Transport Layer Security (TLS) when communicating with the LDAP server.

The distinguished name (DN) and password used to communicate with the server.

The distinguished name used to search to user base.

The group attribute.

The number of secondsto wait to receive a message from the server.

Add additional LDAPservers in case the first LDAPserver is unavailable.

 Web

Digi IX20 User Manual

Questions and Answers: