Specifications
Chapter 6: Authentication Using External Servers
6-8
Displaying the
New LDAP/
active directory
server page
1. Click the User authentication tab in the BSC administrator console.
2. Select External LDAP/Active Directory Authentication from the Create drop-down list
on the User authentication page. The New LDAP/active directory server page
appears as shown in Figure 6-2.
Enable server The Enable checkbox is marked by default to make the server available for user
authentication.
Name Enter a meaningful name for the external LDAP/active directory authentication server.
Precedence Optional. If you are setting up multiple external LDAP/active directory authentication
servers and need to establish the order in which the BSC checks the servers for user
authentication, select the server's priority from the Precedence drop-down list.
Note that 1 means the server is checked first. The precedence you configure does not
apply to Transparent NTLM Windows logins, Transparent 802.1x logins, or local users in
the BSC database, because these authentication schemes are always checked first.
If you set a Precedence for a server that is the same as that set for a previously configured
server, the previous server's Precedence, and that of all servers having a lower
configured precedence, is incremented by 1. For example, if server A already has a
Precedence of 1 and server B's is 2 and you then set server C's to 1, server A's
Precedence becomes 2 and server B's becomes 3.
LDAP/Active
Directory server
settings
1. Server address: Enter the server's IP address or fully qualified domain name.
2. Port: Enter the server’s port number.
3. Require SSL?: Mark this checkbox to set up digital certificate authentication between
the BSC and the server via Secure Sockets Layer (SSL).
If you plan to use LDAP/Active Directory over SSL, see “Configuring External Server
Authentication Over SSL” on page 10-21 for detailed instructions on how to upload
the appropriate certificate to the BSC and configure the certificate parameters.
After you have uploaded the digital certificate to the BSC, return to this procedure to
complete the remaining steps.
4. Configure the following LDAP parameters:
• Base entry - Enter the base name entry, for example,
cn=Users,dc=acme,dc=com. This entry serves as the starting point for the search
in the server database.
• Unique ID attribute - Enter a unique server database search attribute, e.g. uid.
• LDAP user and LDAP password - Enter the LDAP/active directory account
identifiers in the LDAP user and LDAP password fields.Re-enter the password in
the Confirm LDAP password field.
• LDAP Filters - Optional. Enter LDAP Filters to apply to entries within the specified
scope of the search, e.g., objectClass=Person. You can use a filter on any
property of an object. All entered filters are case sensitive and must follow the
syntax specified in RFC1960.
5. LDAP Search Credentials: Specify what user credentials the LDAP search uses.
• User Login Information: Mark this radio button to search the LDAP/Active
Directory server for the user using the information entered when the user logs in.
This is the default setting.
• LDAP User: Alternatively, mark this radio button to search the LDAP/Active
Directory server for the user using the information you have defined on this page.
Accounting To enable RADIUS accounting for this server, select the name of the external RADIUS
accounting server from the Accounting server drop-down list. See “RADIUS Accounting”