If the configured LDAP directory requires clients to authenticate
to it, you must select the appropriate authentication method in the
Authentication Type field. When the Enterprise Gateway connects
to the LDAP directory, it is authenticated using the selected method.
Choose one of the following authentication methods:
Important Note:
If any of the following authentication methods connect to the LDAP server
over SSL, that server's SSL certificate must be imported into the Enterprise Gateway
Certificate Store.
None:
No authentication credentials need to be submitted to the LDAP server for
this method. In other words, the client connects anonymously to the server.
Typically, a client is only allowed to perform read operations when connected
anonymously to the LDAP server. It is not necessary to enter any details for
this authentication method.
Simple:
Simple authentication involves sending a user name
and corresponding password in clear text to the LDAP server. Because the
password is passed in clear text to the LDAP server, it is recommended
to connect to the server over an encrypted channel (for example, over SSL).
It is not necessary to specify a Realm for the Simple
authentication method. The realm is only used when a hash of the password
is supplied (for Digest-MD5). However, where the LDAP server contains
multiple realms and the specified user name is present in more than one
of them, it is up to the specific LDAP server to decide which of those
entries the bind applies to.
Click the SSL Enabled checkbox to force the Enterprise Gateway
to connect to the LDAP directory over SSL. To successfully establish SSL
connections with the LDAP directory, you must import the directory's
certificate into the Enterprise Gateway's certificate store. You can do this
using the global Certificates screen. For LDAPS (LDAP over SSL) connections,
the LDAP server's certificate must also be imported into Policy Studio's
JRE trusted store. For more details, see Testing the Connection.
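To make the clear-text point concrete, the following is an added example (not part of the product documentation, and not Enterprise Gateway code) that builds an LDAP BindRequest by hand following the BER encoding in RFC 4511 and then decodes it the way a passive observer on an unencrypted connection could. The DN, password and message IDs are constructed. The same helper encodes the empty-DN, empty-password form used by the None method and the SASL form used by Digest-MD5 and External, so the three on-the-wire shapes can be compared side by side.

```python
"""Hand-built LDAP BindRequest (RFC 4511, BER) using only the standard library.
DN, password and message IDs below are constructed for this example."""

SEQUENCE, INTEGER, OCTET_STRING = 0x30, 0x02, 0x04
BIND_REQUEST = 0x60        # [APPLICATION 0] constructed
AUTH_SIMPLE = 0x80         # AuthenticationChoice [0] simple, primitive
AUTH_SASL = 0xA3           # AuthenticationChoice [3] sasl, constructed


def ber_length(n):
    """Definite-form BER length: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag, payload):
    """Tag, length, value."""
    return bytes([tag]) + ber_length(len(payload)) + payload


def ber_int(value):
    # One spare bit keeps the sign bit clear for non-negative values.
    return tlv(INTEGER, value.to_bytes((value.bit_length() + 8) // 8, "big"))


def simple_bind_request(message_id, dn, password):
    """Simple bind: DN and password travel as plain OCTET STRINGs.
    An empty DN with an empty password is the anonymous bind used by None."""
    bind = tlv(BIND_REQUEST, ber_int(3)
               + tlv(OCTET_STRING, dn.encode("utf-8"))
               + tlv(AUTH_SIMPLE, password.encode("utf-8")))
    return tlv(SEQUENCE, ber_int(message_id) + bind)


def sasl_bind_request(message_id, mechanism, credentials=b""):
    """SASL bind (DIGEST-MD5, EXTERNAL): carries a mechanism name, not a password."""
    sasl = tlv(OCTET_STRING, mechanism.encode("ascii"))
    if credentials:
        sasl += tlv(OCTET_STRING, credentials)
    bind = tlv(BIND_REQUEST, ber_int(3) + tlv(OCTET_STRING, b"") + tlv(AUTH_SASL, sasl))
    return tlv(SEQUENCE, ber_int(message_id) + bind)


def parse_tlv(buf, pos=0):
    """Return (tag, payload, next_pos) for the TLV starting at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long-form length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length


def inspect_bind(pdu):
    """Decode a captured BindRequest the way a passive observer could."""
    tag, msg, _ = parse_tlv(pdu)
    if tag != SEQUENCE:
        raise ValueError("not an LDAPMessage")
    _, msg_id, pos = parse_tlv(msg)
    tag, bind, _ = parse_tlv(msg, pos)
    if tag != BIND_REQUEST:
        raise ValueError("not a BindRequest")
    _, version, pos = parse_tlv(bind)
    _, dn, pos = parse_tlv(bind, pos)
    tag, auth, _ = parse_tlv(bind, pos)
    info = {"message_id": int.from_bytes(msg_id, "big"),
            "version": int.from_bytes(version, "big"),
            "dn": dn.decode("utf-8")}
    if tag == AUTH_SIMPLE:
        info["auth"] = "simple"
        info["password"] = auth.decode("utf-8")   # readable without SSL
    elif tag == AUTH_SASL:
        info["auth"] = "sasl"
        info["mechanism"] = parse_tlv(auth)[1].decode("ascii")
    return info


if __name__ == "__main__":
    # Constructed values; the gateway's real bind DN and password are not on this page.
    pdu = simple_bind_request(1, "cn=gateway,ou=services,dc=corp,dc=example", "Tr0ub4dor")
    print(pdu.hex())
    print(inspect_bind(pdu))
    print(inspect_bind(simple_bind_request(2, "", "")))
    print(inspect_bind(sasl_bind_request(3, "DIGEST-MD5")))
```

Running the block prints the raw bytes of a Simple bind and the decoded fields; the password string is recoverable directly from the PDU, which is the reason the documentation recommends an SSL connection for this method, whereas the SASL forms carry only the mechanism name in the first message.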
Digest-MD5:
With Digest-MD5 authentication, the server generates
some data and sends it to the client. The client encrypts this data with
its password according to the MD5 algorithm. The LDAP server then uses
the client's stored password to decrypt the data and hence authenticate
the user.
The Realm field is optional, but may be necessary
in cases where the LDAP server contains multiple realms. If a realm is
specified, the LDAP server attempts to authenticate the user
for the specified realm only.
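The following added example (not from the documentation, and not Enterprise Gateway code; the challenge, nonce, user name, password and digest-uri values are constructed) walks through the DIGEST-MD5 computation of RFC 2831 on both the client and the server side. It shows that only a hash reaches the server and that the realm is an input to that hash, which is why a realm that does not match the server's can make the bind fail. The server-side check mirrors what a directory does with the stored password; a real server also validates the nonce it issued, which the example includes.

```python
"""Constructed DIGEST-MD5 (RFC 2831) exchange, client and server side."""
import hashlib
import hmac
import os
import re

# Constructed server challenge, as returned in the first SASL bind response.
CHALLENGE = ('realm="corp.example",nonce="7e3b9c1f4a2d",qop="auth",'
             'algorithm=md5-sess,charset=utf-8')


def parse_challenge(text):
    """Parse comma-separated key=value / key="value" pairs into a dict."""
    return {k: v.strip('"') for k, v in re.findall(r'([\w-]+)=("[^"]*"|[^,]*)', text)}


def _md5(data):
    return hashlib.md5(data).digest()


def _md5hex(data):
    return hashlib.md5(data).hexdigest()


def digest_md5_response(username, realm, password, nonce, cnonce, nc, qop, digest_uri):
    """RFC 2831 response-value for qop=auth (no authzid)."""
    # A1 = H(username:realm:password) as raw bytes, then ":nonce:cnonce" appended.
    a1 = _md5(f"{username}:{realm}:{password}".encode("utf-8")) \
        + f":{nonce}:{cnonce}".encode("utf-8")
    a2 = f"AUTHENTICATE:{digest_uri}".encode("utf-8")
    return _md5hex(f"{_md5hex(a1)}:{nonce}:{nc}:{cnonce}:{qop}:{_md5hex(a2)}".encode("utf-8"))


def client_respond(challenge, username, password, digest_uri, cnonce=None, realm=None):
    """Fields the client sends back; the password itself is never among them."""
    cnonce = cnonce or os.urandom(12).hex()
    realm = realm or challenge["realm"]          # optional Realm field on the page
    fields = {"username": username, "realm": realm, "nonce": challenge["nonce"],
              "nc": "00000001", "cnonce": cnonce, "digest-uri": digest_uri, "qop": "auth"}
    fields["response"] = digest_md5_response(username, realm, password, challenge["nonce"],
                                             cnonce, "00000001", "auth", digest_uri)
    return fields


def encode_response(fields):
    """Serialise the client response (nc, qop and response are unquoted per RFC 2831)."""
    return ",".join(f"{k}={v}" if k in ("nc", "qop", "response") else f'{k}="{v}"'
                    for k, v in fields.items())


def server_verify(fields, stored_password, server_realm, issued_nonce):
    """Server side: reject a replayed nonce, then recompute with its own realm and
    the stored password. A different realm changes A1, so the hashes differ."""
    if fields["nonce"] != issued_nonce:
        return False
    expected = digest_md5_response(fields["username"], server_realm, stored_password,
                                   fields["nonce"], fields["cnonce"], fields["nc"],
                                   fields["qop"], fields["digest-uri"])
    return hmac.compare_digest(expected, fields["response"])


if __name__ == "__main__":
    ch = parse_challenge(CHALLENGE)
    resp = client_respond(ch, "svc-gateway", "s3cret", "ldap/ldap.corp.example")
    print(encode_response(resp))
    print("accepted:", server_verify(resp, "s3cret", "corp.example", ch["nonce"]))
    wrong_realm = client_respond(ch, "svc-gateway", "s3cret", "ldap/ldap.corp.example",
                                 realm="lab.example")
    print("accepted with other realm:",
          server_verify(wrong_realm, "s3cret", "corp.example", ch["nonce"]))
```

The printed client response carries user name, realm, nonces and a 32-hex-digit response, but no password; the second run, with the client's Realm set to a realm the server does not hold, is rejected even though the user name and password are correct.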
External:
External authentication enables you to use client
certificate-based authentication when connecting to an LDAP directory.
When this option is selected, you must select a client certificate
from the Enterprise Gateway certificate store. The SSL Enabled
checkbox is selected automatically. This means that you must specify the
URL field using LDAPS (for example,
ldaps://145.123.0.28:636). The username, password,
and realm fields are not required for external authentication.