The system administrator or users with appropriate configuration rights can configure the SLC to use LDAP to authenticate users attempting to log in using Telnet, SSH, or the console port.
Note: Users who are authenticated through LDAP are granted port access through the port permissions on this page.
To configure the SLC to use LDAP to authenticate users:
Complete the following fields:
Enable LDAP | Displays selected if you enabled this method on the User Authentication page. If you want to set up this authentication method but not enable it immediately, clear the checkbox. Note: If you enable LDAP here, it automatically displays at the end of the order of precedence on the User Authentication page. |
Server | The IP address or host name of the LDAP server. |
Port | Number of the TCP port on the LDAP server to which the SLC talks. The default is 389. |
Base | The name of the LDAP search base (e.g., dc=company, dc=com). May have up to 80 characters. |
Bind Name | Name for a non-anonymous bind to an LDAP server. This item has the same format as LDAP Base, for example cn=administrator,cn=Users,dc=domain,dc=com. |
Bind Password and Retype Password | Password for a non-anonymous bind. This entry is optional. Acceptable characters are a-z, A-Z, and 0-9. The maximum length is 127 characters. |
Enable Active Directory Support | Select to enable. Active Directory is a directory service from Microsoft that is a part of Windows 2000 and later versions of Windows. It is LDAP- and Kerberos-compliant. Disabled is the default. |
Encrypt Messages | Select to encrypt messages between the SLC and the LDAP server. Disabled by default. |
Custom Menu | If custom menus have been created (see the User Guide), you can assign a default custom menu to LDAP users. |
Data Ports | The ports users are able to monitor and interact with using the connect direct command. U and L denote the PC Card upper and lower slots. |
Listen Ports | The ports users are able to monitor using the connect listen command. |
Clear Port Buffers | The ports whose port buffer users may clear using the set locallog clear command. |
In the User Rights section, select the user group to which LDAP users will belong:
Group | Select the group to which the LDAP users will belong: Default Users: This group has only the most basic rights (described above). Power Users: This group has the same rights as Default Users plus Networking, Date/Time, Reboot & Shutdown, and Diagnostics & Reports. Administrators: This group has all possible rights. |
Select or clear the checkboxes for the following rights:
Full Administrative | Right to perform any function on the SLC. |
Networking | Right to enter network and routing settings. |
Services | Right to enable and disable system and audit logging, SSH and Telnet logins, SNMP, and SMTP. Includes NFS and CIFS. |
Date/Time | Right to set the date and time. |
Local Users | Right to add or delete local users on the system. |
Remote Authentication | Right to assign a remote user to a user group and assign a set of rights to the user. Includes configuring remote authentication methods and ordering. |
SSH Keys | Right to set SSH keys for authenticating users. |
User Menus | Right to create or edit a custom user menu for the CLI. |
Reboot & Shutdown | Right to shut down or reboot the SLC. |
Firmware & Configuration | Right to upgrade the firmware on the unit and save or restore a configuration (all settings). |
Diagnostics & Reports | Right to obtain diagnostic information and reports about the unit. |
SLC Network | Right to view and manage SLCs on the local subnet. |
Web Access | Right to access Web-Manager. |
Device Ports | Right to enter device port settings. Includes creating bidirectional and unidirectional connections. |
PC Card | Right to enter modem settings for PC cards. Includes managing storage PC Cards. |
To save, click Apply.
Note: You must reboot the unit before changes will take effect.
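The following pre-change review check is an added example, not Lantronix code or part of the SLC: it validates a planned set of values for this page against the limits stated in the field descriptions and flags the selections that widen exposure. The dictionary keys and the function name are hypothetical, and it assumes, as the page describes, that the group and rights chosen here apply to every LDAP-authenticated user.

```python
import re

# Limits and defaults taken from the field descriptions on this page.
BASE_MAX = 80
PASSWORD_MAX = 127
PASSWORD_RE = re.compile(r"[A-Za-z0-9]*")
DEFAULT_PORT = 389
# Rights that let a holder change who can log in or what the unit runs.
SENSITIVE_RIGHTS = ("Remote Authentication", "Local Users", "Firmware & Configuration")

def audit_ldap_settings(s):
    """Return (errors, warnings) for a dict of planned LDAP page values.

    Keys are hypothetical names chosen for this example, not SLC identifiers.
    """
    errors, warnings = [], []
    if not s.get("server"):
        errors.append("Server is empty")
    if not 1 <= s.get("port", DEFAULT_PORT) <= 65535:
        errors.append("Port is not a valid TCP port")
    if len(s.get("base", "")) > BASE_MAX:
        errors.append("Base exceeds 80 characters")
    pw = s.get("bind_password", "")
    if len(pw) > PASSWORD_MAX or not PASSWORD_RE.fullmatch(pw):
        errors.append("Bind Password must be a-z, A-Z, 0-9, at most 127 characters")
    if not s.get("encrypt_messages", False):  # disabled by default
        warnings.append("Encrypt Messages is off: SLC-to-LDAP traffic is not encrypted")
    if not s.get("bind_name"):
        warnings.append("Bind Name is empty: no non-anonymous bind is configured")
    rights = set(s.get("rights", []))
    if s.get("group") == "Administrators" or "Full Administrative" in rights:
        warnings.append("Every LDAP-authenticated user gets full administrative rights")
    for right in SENSITIVE_RIGHTS:
        if right in rights:
            warnings.append(f"All LDAP users hold the right: {right}")
    return errors, warnings

# Constructed sample: defaults left in place, broad rights, invalid password characters.
WEAK = {"server": "ldap.example.com", "port": DEFAULT_PORT,
        "base": "dc=company,dc=com", "bind_name": "",
        "bind_password": "p@ss!", "group": "Administrators",
        "rights": ["Full Administrative"]}
# Constructed sample: same server with encryption on and the smallest group.
HARDENED = dict(WEAK, bind_name="cn=administrator,cn=Users,dc=domain,dc=com",
                bind_password="Xk29fLq8TzR4", encrypt_messages=True,
                group="Default Users", rights=[])

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit_ldap_settings(cfg))
```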