User Manual
To cater to all these possibilities, the pam_ldap module has been modified to do group lookups for each of
these three styles. This allows us to have a relatively 'generic' configuration, and not be concerned with
how the LDAP directory is set up.
There are two parameters that need to be configured based on what the user wishes to look up: these are
the LDAP username and group membership attributes.
To clarify to the user what parameters to use, the descriptions for these fields have been updated to
prompt the user for common or likely attributes. For example, the two configuration fields have
descriptions as follows:
LDAP Username Attribute: The LDAP attribute that corresponds to the login name of the user
(commonly 'sAMAccountName' for Active Directory, and 'uid' for OpenLDAP).
LDAP Group Membership Attribute: The LDAP attribute that indicates group membership in a user
record (commonly 'memberOf' for Active Directory, and unused for OpenLDAP).
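The following added example (not Opengear's pam_ldap code) shows how the two attributes are typically used: the username attribute builds the search filter that finds the user record, and the group membership attribute, when set, is read from that record. The sample entries are constructed, and the fallback group styles (memberUid and member DN) are assumptions, since this section does not list the three styles.

```python
import re

# Constructed sample entries; not taken from any real directory.
AD_USER = {"dn": "CN=Jane Doe,OU=Staff,DC=example,DC=com",
           "sAMAccountName": ["jdoe"],
           "memberOf": ["CN=netadmins,OU=Groups,DC=example,DC=com",
                        "CN=users,OU=Groups,DC=example,DC=com"]}
OL_USER = {"dn": "uid=jdoe,ou=people,dc=example,dc=com", "uid": ["jdoe"]}
OL_GROUPS = [
    {"dn": "cn=netadmins,ou=groups,dc=example,dc=com", "memberUid": ["jdoe"]},
    {"dn": "cn=ops,ou=groups,dc=example,dc=com",
     "member": ["uid=jdoe,ou=people,dc=example,dc=com"]},
    {"dn": "cn=finance,ou=groups,dc=example,dc=com", "memberUid": ["asmith"]},
]

def escape_filter_value(value):
    """Escape the RFC 4515 special characters so a login name stays a literal."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def user_filter(username_attr, login):
    """Search filter that locates the user record by the username attribute."""
    return "(%s=%s)" % (username_attr, escape_filter_value(login))

def cn_of(dn):
    """First CN of a DN (simplified: assumes no escaped commas in the value)."""
    match = re.match(r"\s*cn=([^,]+)", dn, re.IGNORECASE)
    return match.group(1) if match else dn

def groups_for(user, login, membership_attr, group_entries=()):
    """Return the user's group names.

    If the membership attribute is configured and present on the user record
    (e.g. memberOf), read it directly. Otherwise (assumed styles) scan group
    entries that list the login name (memberUid) or the user DN (member).
    DNs are compared as exact strings here, which is a simplification.
    """
    if membership_attr and user.get(membership_attr):
        return sorted(cn_of(dn) for dn in user[membership_attr])
    return sorted(cn_of(g["dn"]) for g in group_entries
                  if login in g.get("memberUid", [])
                  or user["dn"] in g.get("member", []))

if __name__ == "__main__":
    print(user_filter("sAMAccountName", "jdoe"))         # AD-style lookup
    print(groups_for(AD_USER, "jdoe", "memberOf"))       # attribute on user
    print(groups_for(OL_USER, "jdoe", None, OL_GROUPS))  # attribute unused
```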
NOTE The libldap library ensures that SSL connections use certificates signed by a trusted CA, so it is
often not easy to set up a connection to an LDAP server using SSL. See
https://opengear.zendesk.com/entries/29959515-LDAP-over-SSL
Perform the following procedure to configure the LDAP authentication method to be used whenever the
console server or any of its serial ports or hosts is accessed:
1. Select Serial & Network > Authentication and check LDAP, LocalLDAP, LDAPLocal, or
LDAPDownLocal.