R3102-R3103-HP 6600/HSR6600 Routers Security Configuration Guide

Configuring LDAP authentication
LDAP is a cross-platform, standard directory service system that is based on TCP/IP. It was developed
on the basis of the X.500 protocol but is better than X.500 in data reading, browsing, and search.
LDAP is suitable for storing data that does not change frequently. A typical application of LDAP is to store
the user information of a system. For example, Microsoft Windows operating systems use an Active Directory
server to store user information and user group information, providing LDAP-based authentication and
authorization for Windows users. The SSL VPN system can cooperate with an LDAP server to provide
LDAP authentication and obtain resource access rights for users.
For successful LDAP authentication of a user, you must also configure the account information and the
user group attribute information for the user on the LDAP server, and make sure the user groups
configured on the authentication server exist on the SSL VPN gateway. Otherwise, the user cannot log in.
The number of user groups that the gateway supports for a user is 100. Make sure the number of user
groups specified for a user on the authentication server is equal to or less than the limit.
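A pre-deployment check for the two requirements above (user groups must exist on the gateway; at most 100 groups per user), as an added example that is not part of the HP guide. It assumes an LDIF export of the directory, that the user group attribute is `memberOf`, and that the gateway group name equals the first RDN value of the group DN; it reports every group that is missing from the gateway.

```python
import base64

MAX_GROUPS_PER_USER = 100  # per-user limit stated in the guide
# Constructed sample export and gateway group list (not real data).
SAMPLE_LDIF = """\
dn: cn=alice,ou=people,dc=example,dc=com
memberOf: cn=vpn-staff,ou=groups,dc=example,dc=com
memberOf: cn=finance,ou=groups,dc=example,dc=com

dn: cn=bob,ou=people,dc=example,dc=com
memberOf: cn=contractors,ou=groups,dc=example,dc=com
"""
GATEWAY_GROUPS = {"vpn-staff", "finance"}

def parse_ldif(text, group_attr="memberOf"):
    """Return {user_dn: [group_name, ...]} from an LDIF export."""
    users, dn = {}, None
    # Unfold continuation lines, which start with a single space.
    for line in text.replace("\n ", "").splitlines():
        key, _, value = line.partition(":")
        value = value.strip()
        if value.startswith(":"):  # "attr:: <base64>" form
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        if key.lower() == "dn":
            dn = value
            users[dn] = []
        elif dn and key.lower() == group_attr.lower():
            # Assumption: the gateway group name is the first RDN value;
            # a value that is not a DN is used as the name unchanged.
            first = value.split(",")[0]
            users[dn].append(first.partition("=")[2] or first)
    return users

def check_users(users, gateway_groups, limit=MAX_GROUPS_PER_USER):
    """Return {user_dn: [problem, ...]} for entries that break a rule."""
    findings = {}
    for dn, groups in users.items():
        problems = []
        if len(groups) > limit:
            problems.append(f"{len(groups)} groups, limit is {limit}")
        missing = sorted(set(groups) - set(gateway_groups))
        if missing:
            problems.append("not on gateway: " + ", ".join(missing))
        if problems:
            findings[dn] = problems
    return findings

if __name__ == "__main__":
    print(check_users(parse_ldif(SAMPLE_LDIF), GATEWAY_GROUPS))
```

Group names are compared exactly as written; escaped commas inside a group DN are not handled.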
1. Select VPN > SSL VPN > Domain Management > Authentication Policy from the navigation tree.
2. Click the LDAP Authentication tab. The LDAP authentication configuration page appears.
Figure 180 LDAP authentication
3. Configure the LDAP authentication settings as described in Table 39.
4. Click Apply.
Table 39 Configuration items
Item                         Description
Enable LDAP authentication   Select this item to enable LDAP authentication.
LDAP Server IP               Specify the IP address of the LDAP server.
Server Port                  Specify the TCP port number used by the LDAP server.
Version                      Specify the supported LDAP protocol version.