LDAP (Lightweight Directory Access Protocol) is a directory service for centralizing management of users, groups, hostnames and other resources (called objects). This service on the appliance acts as an LDAP client so that:
LDAP users can log in to FTP and HTTP/WebDAV.
LDAP user names (instead of numerical IDs) can be used to configure root directory ACLs on a share.
LDAP users can be granted privileges for appliance administration. The appliance supplements LDAP information with its own privilege settings.
Consult your LDAP server administrator for the appropriate settings for your environment.
Changing service properties is documented in the BUI and CLI sections of Services.
To look up users and groups in the LDAP directory, the appliance uses a search descriptor and must know which object classes correspond to users and groups and which attributes correspond to the properties needed. By default, the appliance uses object classes specified by RFC 2307 (posixAccount and posixGroup) and the default search descriptors shown below, but this can be customized for different environments. The base search DN used in the examples below is dc=example,dc=com:
The search descriptor, object classes, and attributes used can be customized using the Schema definition property. To override the default search descriptor, enter the entire DN you wish to use. The appliance will use this value unmodified, and will ignore the values of the Base search DN and Search scope properties. To override user and group attributes and objects, choose the appropriate tab ("Users" or "Groups") and specify mappings using the default = new syntax, where default is the default value and new is the value you want to use. For example:
To use unixaccount instead of posixAccount as the user object class, enter posixAccount = unixaccount in Object class mappings on the Users tab.
To use employeenumber instead of uid as the attribute for user objects, enter uid = employeenumber in Attribute mappings on the Users tab.
To use unixgroup instead of posixGroup as the group object class, type posixGroup = unixgroup in Object class mappings on the Groups tab.
To use groupaccount instead of cn as the attribute for group objects, enter cn = groupaccount in Attribute mappings on the Groups tab.
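The mapping rules above, worked through as an added example (not Oracle's or the appliance's code): the Python below parses default = new rules, applies them to the RFC 2307 defaults, and builds a lookup filter with the name escaped per RFC 4515. The filter shape, the function names and the sample names are assumptions made for illustration.

```python
import re

# Defaults the page names (RFC 2307): object class and naming attribute per tab.
DEFAULTS = {"users": ("posixAccount", "uid"), "groups": ("posixGroup", "cn")}
# Replacement names must look like LDAP descriptors (letter, then letters/digits/hyphens).
_NAME = re.compile(r"[A-Za-z][A-Za-z0-9-]*\Z")


def parse_mappings(text, known_defaults):
    """Parse 'default = new' rules (one per line) into {default_lower: new}."""
    known = {d.lower() for d in known_defaults}
    mapping = {}
    for line in filter(None, (raw.strip() for raw in text.splitlines())):
        default, sep, new = (part.strip() for part in line.partition("="))
        if not sep or default.lower() not in known:
            raise ValueError(f"rule does not start with a known default: {line!r}")
        if not _NAME.match(new):
            raise ValueError(f"replacement is not a valid LDAP name: {line!r}")
        mapping[default.lower()] = new
    return mapping


def escape_filter_value(value):
    """Escape a value per RFC 4515 so it cannot change the filter structure."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)


def lookup_filter(tab, name, class_rules="", attr_rules=""):
    """Build the search filter for one user or group name (assumed filter form)."""
    default_class, default_attr = DEFAULTS[tab]
    classes = parse_mappings(class_rules, [default_class])
    attrs = parse_mappings(attr_rules, [default_attr])
    object_class = classes.get(default_class.lower(), default_class)
    attribute = attrs.get(default_attr.lower(), default_attr)
    return f"(&(objectClass={object_class})({attribute}={escape_filter_value(name)}))"


if __name__ == "__main__":
    # Constructed sample names; the rules are the four examples from the page.
    print(lookup_filter("users", "jdoe"))
    print(lookup_filter("users", "1001", "posixAccount = unixaccount", "uid = employeenumber"))
    print(lookup_filter("groups", "staff", "posixGroup = unixgroup", "cn = groupaccount"))
    print(lookup_filter("users", "j*doe(x)"))
```

Running the same filters with ldapsearch against the directory before saving the Schema definition confirms that the overridden class and attribute actually return the expected entries.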
To view service logs, refer to the Logs section from Services.
The following are example tasks. See the BUI and CLI sections for how these tasks apply to each interface method.
If you have an existing user in LDAP who would like to log in using their LDAP credentials and administer the appliance: