Device Security > LDAP > Configuration
RM GUI HiSecOS EAGLE20/30, Release 3.0, 09/2015
Parameters              Meaning

Address                 Specifies the IP address or the DNS name of the server.
                        Possible values:
                        – IPv4 address (default setting: 0.0.0.0)
                        – DNS name in the format domain.tld or host.domain.tld
                        – _ldap._tcp.domain.tld
                          Using this DNS name, the device queries the LDAP server list
                          (SRV Resource Record) from the DNS server.
                        Use a DNS name if a value other than none is specified in the
                        "Connection Security" row and the certificate contains only DNS
                        names of the server. Enable the "DNS Client" function in the
                        Advanced > DNS > Client > Global dialog.

Destination TCP Port    Specifies the TCP port on which the server expects the requests.
                        If you have specified the value _ldap._tcp.domain.tld in the
                        "Address" column, the device ignores this value.
                        Possible values:
                        – 0..65535 (default setting: 389)
                          Exception: Port 2222 is reserved for internal functions.
                        Frequently used TCP ports:
                        – LDAP: 389
                        – LDAP over SSL: 636
                        – Active Directory Global Catalogue: 3268
                        – Active Directory Global Catalogue SSL: 3269

Connection Security     Specifies the protocol which encrypts the communication between
                        the device and the authentication server.
                        Possible values:
                        – none
                          No encryption.
                          The device establishes an LDAP connection to the server and
                          transmits the communication, including the passwords, in
                          clear text.
                        – ssl
                          Encryption with SSL.
                          The device establishes a TLS connection to the server and
                          tunnels the LDAP communication over it.
                        – startTLS (default setting)
                          Encryption with the startTLS extension.
                          The device establishes an LDAP connection to the server and
                          encrypts the communication.
                        The prerequisite for encrypted communication is that the device
                        uses the correct time. If the certificate contains only the DNS
                        names, you specify the DNS name of the server in the "Address"
                        row. Enable the "DNS Client" function in the
                        Advanced > DNS > Client > Global dialog.
                        If the certificate contains the IP address of the server in the
                        "Subject Alternative Name" field, the device is able to verify
                        the identity of the server without the DNS configuration.
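
The rules in this table can be checked against a planned server row before it is entered in the dialog. The following Python sketch is an added example, not part of the manual or the device software; `check_ldap_row`, the finding strings and the sample certificate data are assumptions made for illustration, and the name comparison is a simplified exact match.

```python
import ipaddress
from datetime import datetime, timezone

RESERVED_PORT = 2222  # "reserved for internal functions" in the table above

def is_ipv4(address):
    try:
        ipaddress.IPv4Address(address)
        return True
    except ValueError:
        return False

def check_ldap_row(address, port, security, san_dns, san_ips,
                   not_before, not_after, device_time):
    """Hypothetical helper: findings for one planned LDAP server row."""
    findings = []
    srv = address.lower().startswith("_ldap._tcp.")
    if srv:
        findings.append("port ignored: SRV lookup supplies the server list")
    elif not 0 <= port <= 65535 or port == RESERVED_PORT:
        findings.append(f"invalid port {port}")
    if security == "none":
        findings.append("cleartext: passwords are sent unencrypted")
        return findings
    if security not in ("ssl", "startTLS"):
        findings.append(f"unknown connection security {security!r}")
        return findings
    # Encrypted modes: certificate validation needs a correct device clock.
    if not not_before <= device_time <= not_after:
        findings.append("device time outside certificate validity period")
    # Name check (exact match only; SRV targets are not resolved offline).
    if is_ipv4(address):
        if address not in san_ips:
            findings.append("no matching IP in SAN: use a DNS name")
    elif not srv and address.lower() not in [n.lower() for n in san_dns]:
        findings.append("address matches no DNS name in the certificate")
    return findings

# Constructed sample certificate data, not taken from a real server.
SAMPLE_CERT = dict(
    san_dns=["ldap1.example.com"], san_ips=[],
    not_before=datetime(2015, 1, 1, tzinfo=timezone.utc),
    not_after=datetime(2017, 1, 1, tzinfo=timezone.utc),
)
NOW = datetime(2015, 9, 1, tzinfo=timezone.utc)
UNSET_CLOCK = datetime(1970, 1, 1, tzinfo=timezone.utc)

if __name__ == "__main__":
    print(check_ldap_row("192.0.2.10", 636, "ssl", device_time=NOW, **SAMPLE_CERT))
```

An empty list means the row is consistent with the table; each string names the rule that the row would violate.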