Difference between revisions of "LDAP"

Revision as of 10:10, 7 April 2021

RADIUS > Settings > LDAP

This setting lets imRAD validate users against a Lightweight Directory Access Protocol (LDAP) server. OpenLDAP, Microsoft Active Directory Domain Services (AD DS) and Microsoft Active Directory Lightweight Directory Services (AD LDS) are supported.
As with Pass-Through Authentication, imRAD recovers the cleartext password from the User-Password attribute of the Access-Request (the attribute is only obfuscated with the RADIUS shared secret, so the RADIUS server can always read it) and then checks it against the LDAP server. This only works when the request actually carries a User-Password attribute, as with PAP. If the client authenticates with an EAP method from which imRAD cannot recover the password, LDAP validation cannot return a correct result, so choose the authentication method on the NAS and supplicant accordingly.

There is no limit on the number of LDAP servers you can register, but each additional server can add to the time it takes to validate a user.


Edit LDAP Server

You can add a new entry by clicking the "Add" button at the bottom right of the LDAP list. To change or delete an entry, click the popup icon in front of it.

{| class="wikitable"
! Item !! Required !! Description
|-
| Server1 || Yes || The address (e.g. a.b.c.d) or URI (e.g. ldap://myldap.test.org) of the LDAP server. If the server supports LDAP over SSL, give the address with the ldaps:// prefix (e.g. ldaps://a.b.c.d). The accepted prefixes are listed under "LDAP URI" below.
|-
| Server2 || No || The address or URI of a second instance of the same directory, if one exists.
|-
| Port || Yes || The TCP port of the LDAP server. 389 is the default for ldap://; LDAP over SSL normally listens on 636.
|-
| Identity of administrator account<br>Password of administrator account || No || Some LDAP servers require a bind with an administrator account before the User-Name can be searched. If yours does, enter that account's identity (its bind DN) and password here. A read-only account is sufficient: imRAD only searches the directory, it never modifies it.
|-
| Base Distinguished Name (dn) || Yes || The DN at which every user search starts (e.g. dc=test,dc=org).
|-
| Server Type || Yes || One of OpenLDAP, Active Directory Domain Services, Active Directory Lightweight Directory Services or Others (see "Filter Attribute Name" below).
|-
| User filter attribute name<br>Group filter attribute name || Yes || Filled in automatically from the selected Server Type. If you choose "Others", you must enter the user filter attribute name and the group filter attribute name yourself.
|}
LDAP URI

ldap:// (LDAP)
ldaps:// (LDAP over SSL)
ldapi:// (LDAP over a Unix domain socket)
ldapc:// (Connectionless LDAP)

With ldap:// the administrator password and every tested user password travel to the directory in cleartext, so use ldaps:// on any network you do not fully control.

Filter Attribute Name

{| class="wikitable"
! LDAP Server type !! User filter !! Group filter
|-
| OpenLDAP || uid || posixGroup
|-
| Active Directory Domain Services (DS) || sAMAccountName || group
|-
| Active Directory Lightweight Directory Services (LDS) || name || group
|-
| Others || User defined || User defined
|}
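The following is an added example, not imRAD's own code, showing how the Server1/Server2 and Port fields and the user filter attribute from the table above turn into a connection target and a search filter. The server-type names, the default-port table and the treatment of a bare address as ldap:// are assumptions for the example; the escaping is the mandatory part of RFC 4515, which matters because the RADIUS User-Name is attacker-supplied and must not be able to rewrite the filter.

```python
"""Added example (not imRAD's own code): Server1/Port fields -> connection
target, and server type + User-Name -> an injection-safe LDAP search filter."""
from typing import Optional
from urllib.parse import urlsplit

# User filter attribute per server type, as listed in the "Filter Attribute Name" table.
USER_FILTER_ATTR = {
    "OpenLDAP": "uid",
    "Active Directory Domain Services": "sAMAccountName",
    "Active Directory Lightweight Directory Services": "name",
}

# Assumed defaults: 389 for ldap:// (and UDP 389 for ldapc://), 636 for ldaps://.
DEFAULT_PORT = {"ldap": 389, "ldaps": 636, "ldapc": 389}
SCHEMES = ("ldap", "ldaps", "ldapi", "ldapc")


def parse_server(field: str, port_field: Optional[str] = None) -> dict:
    """Turn a Server field (bare address or URI) into scheme/host/port.

    A bare address such as "a.b.c.d" is treated as ldap://, as the page
    describes. A non-empty Port field overrides any port carried in the URI.
    """
    uri = field if "://" in field else "ldap://" + field
    parts = urlsplit(uri)
    scheme = parts.scheme.lower()
    if scheme not in SCHEMES:
        raise ValueError(f"unsupported LDAP URI prefix: {scheme}://")
    if scheme == "ldapi":
        # ldapi:// names a local socket path, not a host; nothing to connect over TCP.
        return {"scheme": scheme, "host": None, "port": None, "path": parts.netloc or parts.path}
    port = int(port_field) if port_field else (parts.port or DEFAULT_PORT[scheme])
    return {"scheme": scheme, "host": parts.hostname, "port": port, "tls": scheme == "ldaps"}


def escape_filter_value(value: str) -> str:
    """Escape a value for use inside an LDAP search filter (RFC 4515, section 3).

    Without this a User-Name like "*" or "alice)(uid=admin" would change the
    meaning of the filter instead of being matched literally.
    """
    out = []
    for ch in value:
        if ch in "*()\\\x00":
            out.append("\\%02x" % ord(ch))
        else:
            out.append(ch)
    return "".join(out)


def build_user_filter(server_type: str, user_name: str,
                      attr_override: Optional[str] = None) -> str:
    """Build the search filter for a User-Name from the configured server type.

    For server type "Others" the attribute is user defined; pass it as attr_override.
    """
    attr = attr_override or USER_FILTER_ATTR.get(server_type)
    if not attr:
        raise ValueError('server type "Others" needs an explicit user filter attribute')
    return f"({attr}={escape_filter_value(user_name)})"


if __name__ == "__main__":
    print(parse_server("ldaps://a.b.c.d"))
    print(build_user_filter("Active Directory Domain Services", "alice)(sAMAccountName=*"))
```

The injected User-Name in the last line comes back as `(sAMAccountName=alice\29\28sAMAccountName=\2a)`, which matches nothing instead of matching every account.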
LDAP Try

A newly added server is checked automatically a short time after it is created, but you can test the connection and the user lookup immediately: click the "connect" button in the connection test column of the LDAP list, then enter a test User-Name and password in the dialog that opens.

Well-known messages:

{| class="wikitable"
! Message !! Description
|-
| ldap_bind(): Unable to bind to server: Can't contact LDAP server || imRAD could not reach the server at all: the address, URI or port is wrong, or nothing answers there (server down, firewall). No bind was attempted.
|-
| ldap_bind(): Unable to bind to server: Invalid credentials || The server rejected a bind: either the test User-Name/password or the stored administrator account is wrong.
|-
| success || The bind and the user search succeeded.
|}

imRAD also re-tests every registered server periodically, and the status icon in the list is updated within a few seconds.
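The following is an added example, not imRAD's own code, of what the connection test amounts to on the wire: a simple BindRequest is sent (RFC 4511) and the resultCode of the BindResponse decides between "success" and "Invalid credentials", while "Can't contact LDAP server" is a transport failure that happens before any LDAP message is exchanged. The host, DN, password and the sample responses are constructed for the example; the try_bind helper needs a reachable server and is included only to show where each of the three messages comes from.

```python
"""Added example (not imRAD's own code): the LDAP simple bind behind the
"connect" test, encoded and decoded by hand so it can be inspected offline."""
import socket
import ssl

# RFC 4511 result codes the connection test reports on.
SUCCESS = 0
INVALID_CREDENTIALS = 49


def ber_len(n: int) -> bytes:
    """BER length: short form below 128, else 0x80|count followed by big-endian bytes."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag: int, content: bytes) -> bytes:
    """One BER tag-length-value element."""
    return bytes([tag]) + ber_len(len(content)) + content


def encode_simple_bind(message_id: int, bind_dn: str, password: str) -> bytes:
    """LDAPMessage { messageID, BindRequest { version 3, name, simple [0] password } }."""
    assert 0 < message_id < 0x80, "example keeps messageID to one INTEGER byte"
    bind_request = tlv(0x60,                            # [APPLICATION 0] BindRequest
                       tlv(0x02, b"\x03")               # version INTEGER 3
                       + tlv(0x04, bind_dn.encode("utf-8"))   # name LDAPDN
                       + tlv(0x80, password.encode("utf-8"))) # simple [0] OCTET STRING
    return tlv(0x30, tlv(0x02, bytes([message_id])) + bind_request)


def _read_tlv(buf: bytes, pos: int):
    """Return (tag, content, next_pos) for the BER element starting at pos."""
    tag = buf[pos]
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:                                    # long-form length
        count = length & 0x7F
        length = int.from_bytes(buf[pos:pos + count], "big")
        pos += count
    return tag, buf[pos:pos + length], pos + length


def decode_bind_response(buf: bytes) -> dict:
    """Pull messageID, resultCode and diagnosticMessage out of a BindResponse."""
    tag, msg, _ = _read_tlv(buf, 0)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage")
    _, mid, pos = _read_tlv(msg, 0)                      # messageID INTEGER
    tag, op, _ = _read_tlv(msg, pos)
    if tag != 0x61:                                      # [APPLICATION 1] BindResponse
        raise ValueError("not a BindResponse")
    _, code, pos = _read_tlv(op, 0)                      # resultCode ENUMERATED
    _, _matched_dn, pos = _read_tlv(op, pos)             # matchedDN LDAPDN
    _, diag, _ = _read_tlv(op, pos)                      # diagnosticMessage LDAPString
    return {"message_id": int.from_bytes(mid, "big"),
            "result_code": int.from_bytes(code, "big"),
            "diagnostic": diag.decode("utf-8", "replace")}


def describe(result_code: int) -> str:
    """Map a BindResponse resultCode onto the messages shown by the connection test."""
    if result_code == SUCCESS:
        return "success"
    if result_code == INVALID_CREDENTIALS:
        return "Invalid credentials"
    return f"LDAP result code {result_code}"


def try_bind(host: str, port: int, bind_dn: str, password: str,
             use_tls: bool = False, timeout: float = 5.0) -> str:
    """Send the bind and report like the connection test. Needs a live server."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
        if use_tls:   # ldaps://: TLS wraps the whole connection before any LDAP byte
            sock = ssl.create_default_context().wrap_socket(sock, server_hostname=host)
        with sock:
            sock.sendall(encode_simple_bind(1, bind_dn, password))
            reply = sock.recv(4096)   # simplification: assumes one recv holds the reply
    except OSError:                   # refused, timed out, DNS failure, TLS failure
        return "Can't contact LDAP server"
    return describe(decode_bind_response(reply)["result_code"])


# Constructed responses for messageID 1 with empty matchedDN and diagnosticMessage.
SAMPLE_INVALID = bytes.fromhex("300c02010161070a013104000400")   # resultCode 49
SAMPLE_SUCCESS = bytes.fromhex("300c02010161070a010004000400")   # resultCode 0

if __name__ == "__main__":
    print(encode_simple_bind(1, "cn=admin,dc=example,dc=org", "secret").hex())
    print(describe(decode_bind_response(SAMPLE_INVALID)["result_code"]))
```

Note that the stored administrator password and the test user's password are both sent as the `simple` credential of exactly this request, which is why the cleartext warning in the "LDAP URI" section applies to both.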