Device Security > LDAP > Role Mapping
Device Security
RM GUI HiSecOS EAGLE20/30
Release
3.0
09/2015
95
Device Security > LDAP > Role Mapping
3.5 LDAP Role Mapping
This dialog allows you to create up to 64 mappings to assign a role to users.
In the table, you specify whether the device assigns a role to the user based
on an attribute with a specific value or based on the group membership.
The device searches for the attribute and the attribute value within the
user object.
By evaluating the “Distinguished Name” (DN) contained in the member
attributes, the device checks group the membership.
When a user logs on, the device searches for the following information on the
LDAP server:
In the related user project, the device searches for attributes specified in
the mappings.
In the group objects of the groups specified in the mappings, the device
searches for the member attributes.
On this basis, the device checks any mapping.
– Does the user object contain the required attribute?
or
– Is the user member if the group?
If the device does not find a match, the user does not get access to the
device.
If the device finds more than 1 mapping that applies to a user, the setting in
the "Matching Policy" field decides. The user either obtains the role with the
more extensive authorizations or the 1st role in the table that applies.
Configuration
Parameters Meaning
Matching Policy Specifies which role the device applies if more than 1 mapping applies to
a user.
Possible values:
highest
(default setting)
The device applies the role with more extensive authorizations.
first
The device applies the rule to the user which has the lower value in
the "Index" column.
To Next Page
Loading...