Here's an example LDAP config.
LDAP Base DN. The distinguished name of the search base. The LDAP authentication process searches for users starting from this base/folder/container. A search that starts higher up, e.g. from “dc=test, dc=opengear, dc=com”, will be slower.
LDAP Base DN: cn=Users,dc=test,dc=opengear,dc=com
LDAP Bind DN. The distinguished name of the account to bind to the server with. Leave blank if you are using anonymous bind.
LDAP Bind DN: cn=Administrator,cn=Users,dc=test,dc=opengear,dc=com
Bind DN Password. The password associated with the Bind DN account. Leave blank if you are using anonymous bind.
Bind DN Password: Abc1234@#
LDAP Username Attribute. The attribute that corresponds to the login name of the user (commonly sAMAccountName for Active Directory and uid for OpenLDAP).
LDAP Username Attribute: sAMAccountName
LDAP Group Membership Attribute. The attribute that indicates group membership in a user record (commonly memberOf for Active Directory; leave empty for OpenLDAP).
LDAP Group Membership Attribute: memberOf
Ignore referrals. Disregards LDAP referrals to other servers. When enabled, this speeds up the login process.
Ignore referrals: Enabled
Ignore SSL certificate errors. When enabled, any SSL certificate errors encountered when accessing LDAPS servers are ignored.
When configuring Active Directory and/or LDAP authentication, it is possible to use multiple groups: you just have to also create the corresponding group on the Opengear and set the permissions in that group.
For example, if you are a member of 5 separate groups in LDAP, you can create those same groups on the Opengear to get the desired result. Essentially, the group names just have to match between the Opengear and the LDAP/AD server.
For example: CN=admingroup,OU=blah,DC=company,DC=com
If you are a member of this example group and you place that path in the admin group DN, you will effectively receive "admin" privileges.
Further, if you want lesser permissions, do the following. Suppose you are a member of the following groups...
CN=losergroup,OU=blah,DC=company,DC=com
CN=lessergroup,OU=blah,DC=company,DC=com
CN=lackeygroup,OU=blah,DC=company,DC=com
then add...
CN=losergroup,OU=blah,DC=company,DC=com
into the user group DN, and then create custom groups named lessergroup and lackeygroup and assign permissions accordingly. That way, if you are a member of "losergroup" and "lessergroup", you will effectively receive the "users" role plus the permissions defined in the custom group "lessergroup"...
Therefore, if you are a member of all 3 groups, you get in with losergroup and the combined permissions given in "lessergroup" and "lackeygroup".
See diagrams...
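The group mapping described above, as an added example that is not Opengear's own code: it takes the memberOf values an LDAP search would return for a user and resolves the role and the union of custom-group permissions the way the article describes. The directory entries, permission sets, and the assumption that a user in neither role group is denied login are constructed for illustration.

```python
# Added example: resolves an Opengear role and permissions from a user's
# LDAP group DNs. Directory contents and permission sets are constructed.
from typing import Dict, List, Optional, Set, Tuple

# Constructed stand-in for the memberOf values an LDAP search of the
# Base DN returns, keyed by the username attribute (sAMAccountName).
DIRECTORY: Dict[str, List[str]] = {
    "alice": [
        "CN=admingroup,OU=blah,DC=company,DC=com",
        "CN=lessergroup,OU=blah,DC=company,DC=com",
    ],
    "bob": [
        "CN=losergroup,OU=blah,DC=company,DC=com",
        "CN=lessergroup,OU=blah,DC=company,DC=com",
        "CN=lackeygroup,OU=blah,DC=company,DC=com",
    ],
    "carol": ["CN=lackeygroup,OU=blah,DC=company,DC=com"],
}

# Opengear-side settings from the article: the two role group DNs plus the
# custom groups created locally (their permission sets are constructed).
ADMIN_GROUP_DN = "CN=admingroup,OU=blah,DC=company,DC=com"
USER_GROUP_DN = "CN=losergroup,OU=blah,DC=company,DC=com"
CUSTOM_GROUPS: Dict[str, Set[str]] = {
    "lessergroup": {"port1", "port2"},
    "lackeygroup": {"port3"},
}

def normalize_dn(dn: str) -> str:
    """Compare DNs case-insensitively and ignore spaces after commas."""
    return ",".join(part.strip() for part in dn.split(",")).lower()

def group_cn(dn: str) -> str:
    """The CN of a group DN; this is the name a local custom group must match."""
    first = dn.split(",", 1)[0]
    return first.split("=", 1)[1].strip() if "=" in first else ""

def resolve_access(username: str) -> Optional[Tuple[str, Set[str]]]:
    """Return (role, permissions), or None when the user cannot log in."""
    member_of = DIRECTORY.get(username)
    if member_of is None:
        return None
    dns = {normalize_dn(dn) for dn in member_of}
    if normalize_dn(ADMIN_GROUP_DN) in dns:
        role = "admin"
    elif normalize_dn(USER_GROUP_DN) in dns:
        role = "users"
    else:
        return None  # assumed: no role group matched, so login is denied
    perms: Set[str] = set()
    for dn in member_of:  # union of every matching custom group
        perms |= CUSTOM_GROUPS.get(group_cn(dn), set())
    return role, perms
```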