Implementing LDAP/LDAPS Remote Authentication

Lightweight Directory Access Protocol (LDAP/LDAPS) is a networking protocol for querying and modifying directory services running over TCP/IP. A client starts an LDAP session by connecting to an LDAP/LDAPS server (the default TCP port is 389). The client then sends operation requests to the server, and the server sends responses in turn.

Reminder: Microsoft Active Directory functions natively as an LDAP/LDAPS authentication server.

To use the LDAP authentication protocol, enter the following information:

  1. Click User Management > Authentication Settings to open the Authentication Settings page.
  2. Select the LDAP radio button to enable the LDAP section of the page.
  3. Click the LDAP expand icon to expand the LDAP section of the page.
  4. In the Primary LDAP Server field, type the IP address or DNS name of your LDAP/LDAPS remote authentication server. When the Enable Secure LDAP option is selected, the DNS name must be used.
  5. (Optional) In the Secondary LDAP Server field, type the IP address or DNS name of your backup LDAP/LDAPS server. When the Enable Secure LDAP option is selected, the DNS name must be used. Note that the remaining settings apply to the Secondary LDAP Server as well as the Primary LDAP Server.
  6. In the Secret Phrase field and again in the Confirm Secret Phrase field, type the server secret (the password in use on the LDAP/LDAPS server) that is required to authenticate against your remote authentication server.
  7. In the Dialback Query String field, type the dialback query string. If you are using Microsoft Active Directory, you must enter the following string: msRADIUSCallbackNumber

    Note: This string is case sensitive.

  8. Select the Enable Secure LDAP checkbox if you would like to use SSL. This will enable the Secure LDAP Port field. Secure Sockets Layer (SSL) is a cryptographic protocol that allows Dominion KSX to communicate securely with the LDAP/LDAPS server.
  9. The default Port is 389. Either use the standard LDAP TCP port or specify another port.
  10. The default Secure LDAP Port is 636. Either use the default port or specify another port. This field is enabled when the Enable Secure LDAP checkbox is selected.
  11. Certificate File. Consult your authentication server administrator to get the CA certificate file in Base64 encoded X-509 format for the LDAP/LDAPS server. Use the Browse button to navigate to the certificate file. This field is enabled when the Enable Secure LDAP option is selected.
  12. DN of administrative User. Distinguished Name of administrative user; consult your authentication server administrator for the appropriate values to type into this field. An example DN of administrative User value might be: cn=Administrator,cn=Users,dc=testradius,dc=com.
  13. User Search DN. This is the name to bind against on the LDAP/LDAPS server and the point in the directory (the Base DN) from which the search for users begins. An example Base Search value might be: cn=Users,dc=raritan,dc=com. Consult your authentication server administrator for the appropriate values to enter into these fields.
  14. Type of external LDAP/LDAPS server. Choose from among the options available:
  15. Active Directory Domain. Type the name of the Active Directory Domain.
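The procedure above states several constraints that are easy to get wrong on the form: a DNS name (not an IP address) is mandatory once Enable Secure LDAP is selected, the CA certificate must be Base64 encoded X.509, the Active Directory dialback string is case sensitive, and the two DN fields must be well-formed distinguished names. The following Python script is an added example, not Raritan code, that checks a settings record against those rules offline before you commit it on the Authentication Settings page. The field names follow the page; the server-type value "Active Directory" is an assumption, since the page does not list the available options; and the certificate body is a constructed placeholder that is only syntactically Base64, not a real certificate.

```python
"""Offline pre-flight check of Dominion KSX LDAP/LDAPS settings (added example)."""
import base64
import ipaddress
import re
from dataclasses import dataclass
from typing import List

# Values from the procedure: the case-sensitive AD dialback attribute and default ports.
AD_DIALBACK = "msRADIUSCallbackNumber"
DEFAULT_LDAP_PORT = 389
DEFAULT_LDAPS_PORT = 636
AD_SERVER_TYPE = "Active Directory"  # assumed option name; the page lists no options

# One Base64 (PEM) certificate block between BEGIN/END markers.
PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----\s*(?P<body>[A-Za-z0-9+/=\s]+?)\s*-----END CERTIFICATE-----",
    re.S,
)
# Simplified RFC 4514 DN: attr=value pairs separated by commas (escaped commas not handled).
DN_RE = re.compile(r"^[A-Za-z][A-Za-z0-9-]*=[^,=]+(,[A-Za-z][A-Za-z0-9-]*=[^,=]+)*$")


@dataclass
class LdapSettings:
    """Fields of the Authentication Settings page, named as in the procedure."""
    primary_server: str
    secondary_server: str = ""
    secret_phrase: str = ""
    confirm_secret_phrase: str = ""
    dialback_query_string: str = ""
    enable_secure_ldap: bool = False
    port: int = DEFAULT_LDAP_PORT
    secure_ldap_port: int = DEFAULT_LDAPS_PORT
    certificate_file: str = ""        # contents of the uploaded CA certificate file
    admin_dn: str = ""                # "DN of administrative User"
    user_search_dn: str = ""          # "User Search DN"
    server_type: str = ""             # "Type of external LDAP/LDAPS server"
    active_directory_domain: str = ""


def is_ip_address(host: str) -> bool:
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def is_base64_x509_pem(text: str) -> bool:
    """True if text is a PEM block whose body is valid Base64 (the DER is not parsed)."""
    m = PEM_RE.search(text)
    if not m:
        return False
    body = "".join(m.group("body").split())
    try:
        return len(base64.b64decode(body, validate=True)) > 0
    except ValueError:  # binascii.Error is a ValueError subclass
        return False


def validate(s: LdapSettings) -> List[str]:
    """Return a list of human-readable problems; empty means the settings pass."""
    problems = []
    if not s.primary_server:
        problems.append("Primary LDAP Server is required")
    for label, host in (("Primary", s.primary_server), ("Secondary", s.secondary_server)):
        if s.enable_secure_ldap and host and is_ip_address(host):
            problems.append(f"{label} LDAP Server must be a DNS name, not an IP address, "
                            "when Enable Secure LDAP is selected")
    if not s.secret_phrase:
        problems.append("Secret Phrase is required")
    elif s.secret_phrase != s.confirm_secret_phrase:
        problems.append("Secret Phrase and Confirm Secret Phrase do not match")
    for label, port in (("Port", s.port), ("Secure LDAP Port", s.secure_ldap_port)):
        if not 1 <= port <= 65535:
            problems.append(f"{label} {port} is outside 1-65535")
    if s.enable_secure_ldap and not is_base64_x509_pem(s.certificate_file):
        problems.append("Certificate File must be a Base64 encoded X.509 (PEM) CA certificate")
    for label, dn in (("DN of administrative User", s.admin_dn), ("User Search DN", s.user_search_dn)):
        if not DN_RE.match(dn):
            problems.append(f"{label} {dn!r} is not a valid distinguished name")
    if s.server_type == AD_SERVER_TYPE:
        if s.dialback_query_string != AD_DIALBACK:
            same_ignoring_case = s.dialback_query_string.lower() == AD_DIALBACK.lower()
            hint = " (the string is case sensitive)" if same_ignoring_case else ""
            problems.append(f"Dialback Query String must be exactly {AD_DIALBACK!r} for Active Directory{hint}")
        if not s.active_directory_domain:
            problems.append("Active Directory Domain is required")
    return problems


# Constructed placeholder: Base64 text in PEM framing, NOT a real X.509 certificate.
FAKE_CA_PEM = ("-----BEGIN CERTIFICATE-----\n"
               + base64.b64encode(b"constructed placeholder, not a real X.509 certificate").decode()
               + "\n-----END CERTIFICATE-----\n")


def draft_settings() -> LdapSettings:
    """A first attempt containing the mistakes the procedure warns about (constructed)."""
    return LdapSettings(
        primary_server="192.0.2.10",                      # IP address while Secure LDAP is on
        secret_phrase="s3cret", confirm_secret_phrase="s3cret",
        dialback_query_string="msradiuscallbacknumber",   # wrong case
        enable_secure_ldap=True,
        certificate_file="",                              # no CA certificate uploaded
        admin_dn="cn=Administrator,cn=Users,dc=testradius,dc=com",
        user_search_dn="cn=Users,dc=raritan,dc=com",
        server_type=AD_SERVER_TYPE,
        active_directory_domain="testradius.com",
    )


def corrected_settings() -> LdapSettings:
    """The same record with the three problems fixed."""
    s = draft_settings()
    s.primary_server = "dc1.testradius.com"   # DNS name, as Secure LDAP requires
    s.dialback_query_string = AD_DIALBACK
    s.certificate_file = FAKE_CA_PEM
    return s


if __name__ == "__main__":
    for name, settings in (("draft", draft_settings()), ("corrected", corrected_settings())):
        print(name, validate(settings) or "OK")
```

Running the script reports three problems for the draft (IP address with Secure LDAP, missing certificate, wrong-case dialback string) and none for the corrected record. The certificate check is deliberately shallow: it confirms the file is in the Base64 X.509 form the page asks for, not that it is the right CA for the server.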

See Also

Authentication Settings

User Authentication Settings

Returning User Group Information from Active Directory Server

Implementing RADIUS Remote Authentication

Returning User Group Information via RADIUS