User authentication LDAP
IX20 User Guide
c. (Optional) Change the default Port setting to the appropriate port. Normally this should be
left at the default setting of port 389 for non-TLS and 636 for TLS.
d. (Optional) Click again to add additional LDAP servers.
5. (Optional) Enable Authoritative to prevent other authentication methods from being
attempted if LDAP login fails.
6. For TLS connection, select the type of TLS connection used by the server:
- Disable TLS: Uses a non-secure TCP connection on the LDAP standard port, 389.
- Enable TLS: Uses an SSL/TLS encrypted connection on port 636.
- Start TLS: Makes a non-secure TCP connection to the LDAP server on port 389, then
sends a request to upgrade the connection to a secure TLS connection. This is the
preferred method for LDAP.
7. If Enable TLS or Start TLS are selected for TLS connection:
- Leave Verify server certificate at the default setting of enabled to verify the server
certificate with a known Certificate Authority.
- Disable Verify server certificate if the server is using a self-signed certificate.
8. (Optional) For Server login, type a distinguished name (DN) that is used to bind to the LDAP
server and search for users, for example cn=user,dc=example,dc=com. Leave this field blank
if the server allows anonymous connections.
9. (Optional) For Server password, type the password used to log into the LDAP server. Leave
this field blank if the server allows anonymous connections.
10. For User search base, type the distinguished name (DN) on the server to search for users. This
can be the root of the directory tree (for example, dc=example,dc=com) or a sub-tree (for
example, ou=People,dc=example,dc=com).
11. For Login attribute, enter the user attribute containing the login of the authenticated user.
For example, in the LDAP user configuration, the login attribute is uid. If this attribute is not
set, the user will be denied access.
12. (Optional) For Group attribute, type the name of the user attribute that contains the list of
IX20 authentication groups that the authenticated user has access to. See LDAP user
configuration for further information about the group attribute.
13. For Timeout, type or select the amount of time in seconds to wait for the LDAP server to
respond. Allowed value is between 3 and 60 seconds.
14. Add LDAP to the authentication methods:
a. Click Authentication > Methods.
b. For Add method, click .