Manual Chapter : About LDAP Auth

Applies To:

Show Versions

About LDAP Auth

An LDAP Auth action authenticates a user against an AAA LDAP server. An LDAP Auth action provides these configuration elements and options.

When configured in a per-request policy subroutine, some screen elements and options described here might not be available.

Type: Specifies Authentication, the type of this LDAP action.
Server: Specifies an LDAP server; servers are defined in the
Access
Authentication
area of the Configuration utility.
SearchDN: Specifies the base node of the LDAP server search tree to start the search with.
SearchFilter: Specifies the search criteria to use when querying the LDAP server for the user's information. Session variables are supported as part of the search query string. Parentheses are required around search strings; (
sAmAccountName
=%{
session.logon.last.username
})
UserDN: Specifies the Distinguished Name (DN) of the user. The DN can be derived from session variables.
Show Extended Error: When enabled, causes comprehensive error messages generated by the authentication server to display on the user's logon page. This setting is intended only for use in testing, in a production or debugging environment. If enabled in a live environment, your system might be vulnerable to malicious attacks. (When disabled, displays non-comprehensive error messages generated by the authentication server on the user's logon page.)
Max Logon Attempts Allowed: Specifies the number of user authentication logon attempts to allow. A complete logon and password challenge and response is considered as one attempt.
For a per-request policy subroutine, equivalent functionality is supported through subroutine settings.