Chapter 25 AAA Server
NXC Series User’s Guide
304
• Directory Service (LDAP/AD)
LDAP (Lightweight Directory Access Protocol)/AD (Active Directory) is a directory service that is both
a directory and a protocol for controlling access to a network. The directory consists of a database
specialized for fast information retrieval and filtering activities. You create and store user profile and
login information on the external server.
•RADIUS
RADIUS (Remote Authentication Dial-In User Service) authentication is a popular protocol used to
authenticate users by means of an external or built-in RADIUS server. RADIUS authentication allows
you to validate a large number of users from a central location.
Note: Because the NXC has an internal authentication database, you can create local login
accounts on it without needing to rely on an external authentication server. The built-in
authentication server supports PEAP/EAP-TLS/EAP-TTLS.
Directory Structure
The directory entries are arranged in a hierarchical order much like a tree structure. Normally, the
directory structure reflects the geographical or organizational boundaries. The following figure shows a
basic directory structure branching from countries to organizations to organizational units to individuals.
Figure 179 Basic Directory Structure
Distinguished Name (DN)
A DN uniquely identifies an entry in a directory. A DN consists of attribute-value pairs separated by
commas. The leftmost attribute is the Relative Distinguished Name (RDN). This provides a unique name
for entries that have the same “parent DN” (“cn=domain1.com, ou=Sales, o=MyCompany” in the
following examples).
cn=domain1.com, ou = Sales, o=MyCompany, c=US
cn=domain1.com, ou = Sales, o=MyCompany, c=JP
Root
US
Japan
Sprint
UPS
NEC
Sales
RD3
QA
CSO
Sales
RD
Countries (c)
Organizations (o)
Organization Units (ou)
Unique
Common Name
(cn)
To Next Page
Loading...
