
LDAP

Menu path: Configuration > Policies and Access Control > Authentication Sources > Internal > LDAP.

This form of authentication uses one or more Active Directory domain controllers (those listed in the Host field) to authenticate a user; the realms the source serves are set by the Associated Realms parameter. A3 uses LDAP to interface with Active Directory. The fields in an AD/LDAP definition are listed below, each with its usage and an example value.

Name
  Usage: The name of the authentication source.
  Example: CorpAD

Description
  Usage: Optional description of the source.
  Example: Corporate AD authentication

Host
  Usage: A comma-separated list of host names or IP addresses of the AD/LDAP controllers to be queried, each optionally followed by a port, plus the type of encryption to apply to the connection. The choices for encryption are None, SSL, and Start TLS. The default port is 389 for None and Start TLS (Start TLS upgrades the plain connection after it is established) and 636 for SSL (LDAPS). With None, the Bind DN credentials and every lookup cross the network in cleartext, so use SSL or Start TLS wherever the path to the controllers is not fully trusted.
  Example: ad.company.com,ad1.company.com:389 with encryption None

Connection Timeout
  Usage: The timeout, in seconds, for establishing a connection to the directory.
  Example: 1

Request Timeout
  Usage: The timeout, in seconds, for the directory to acknowledge a request.
  Example: 5

Response Timeout
  Usage: The timeout, in seconds, for the directory to return a response.
  Example: 10

Base DN
  Usage: The location in the directory at which search queries start.
  Example: CN=Users,DC=ah-lab,DC=com

Scope
  Usage: Specifies the extent of the search relative to the Base DN. The choices are:
  • Base object - only the entry at the Base DN itself
  • One level - the immediate children of the Base DN, not the Base DN entry itself
  • Subtree - the Base DN entry and every entry beneath it
  • Children - every entry beneath the Base DN, excluding the Base DN entry itself
  Example: Subtree

User Name Attribute
  Usage: The attribute within the user records that the supplied username is matched against, chosen from a list of attributes. Usually sAMAccountName.
  Example: sAMAccountName

User Name Attribute
  Usage: Other attributes that can also be used as the username, chosen from a list of attributes. The radiusd service must be restarted from Status > Services if this changes (see the note on restarting services below).

Email Attribute
  Usage: The attribute that holds the user's email address.
  Example: mail

Bind DN
  Usage: The account that performs the lookups, in distinguished name (DN) format. Use a dedicated account with read-only rights to the attributes A3 needs rather than an administrative account.
  Example: CN=A3User,CN=Users,DC=ah-lab,DC=com

Password
  Usage: The password for the Bind DN. Buttons are provided to toggle visibility and to test the connection; the test button checks that the connection settings and password are correct.
  Example: password

Cache Match
  Usage: If enabled, A3 caches the result of a matching rule.
  Example: off (slider disabled)

Monitor
  Usage: If enabled, A3 pings the AD server periodically to ensure that it is online and responsive.
  Example: off (slider disabled)

Shuffle
  Usage: If more than one LDAP/AD server is listed in Host, a random server is chosen for every lookup request.
  Example: off (slider disabled)

Associated Realms
  Usage: The realms served by this AD authentication source. Realms are discussed in Domains and Realms.
  Example: default,null

Authentication Rules
  Usage: When authentication is triggered and the actions to be performed when the rule is satisfied. Authentication rules are covered in detail in Authentication Rules.

Administration Rules
  Usage: The administrative actions to be performed when the rule is satisfied. Administration rules are covered in detail in Administration Rules.
Note

The AD/LDAP directory named in the Host parameter must first have been set up on the Configuration > Active Directory Domains page. See Domains and Realms.

Note

When advised to restart any A3 service, the administrative interface for each cluster member must be used individually to perform the operation. Perform the operation on each member one at a time, waiting for the service(s) to completely restart.
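
The following Python is an added example and is not A3's own code. It models the Host, Scope, and User Name Attribute fields described above to show three things the form does not make visible: which LDAP URL each Host entry resolves to under each encryption choice, how a username must be escaped before it is placed in the search filter so that a crafted login name cannot widen the match, and exactly which entries each Scope choice returns from a given Base DN. The host names, the `jdoe` account, and the directory entries are constructed for illustration; how A3 itself builds its filters is not documented on this page.

```python
"""Added illustrative model of an AD/LDAP source definition (not A3 code).

  1. parse the Host field into effective LDAP URLs per encryption choice,
  2. build the username search filter with RFC 4515 escaping applied,
  3. evaluate the Scope setting against a small, constructed directory.
Everything runs offline; the directory entries are made up for the example.
"""
import re
from typing import List

# Default ports by encryption choice: LDAPS (the "SSL" choice) uses 636;
# "None" and "Start TLS" both connect on 389, Start TLS upgrading afterwards.
DEFAULT_PORTS = {"None": 389, "Start TLS": 389, "SSL": 636}

# host name / IPv4 address / bracketed IPv6 literal, with an optional :port
_HOST_RE = re.compile(r"^(\[[^\]]+\]|[^:\[\]]+)(?::(\d{1,5}))?$")


def parse_hosts(host_field: str, encryption: str) -> List[str]:
    """Turn 'ad.company.com,ad1.company.com:389' into a list of LDAP URLs.
    Missing ports fall back to the default for the encryption choice."""
    if encryption not in DEFAULT_PORTS:
        raise ValueError(f"unknown encryption choice: {encryption!r}")
    scheme = "ldaps" if encryption == "SSL" else "ldap"
    urls = []
    for entry in host_field.split(","):
        entry = entry.strip()
        if not entry:
            continue
        m = _HOST_RE.match(entry)
        if not m:
            raise ValueError(f"malformed host entry: {entry!r}")
        host, port = m.group(1), m.group(2)
        port_num = int(port) if port else DEFAULT_PORTS[encryption]
        urls.append(f"{scheme}://{host}:{port_num}")
    return urls


def escape_filter_value(value: str) -> str:
    """RFC 4515 escaping for an assertion value inside a search filter.
    Without it a username such as 'jdoe)(objectClass=*' rewrites the
    filter and widens the match (LDAP filter injection)."""
    return "".join(
        "\\%02x" % ord(ch) if ch in "*()\\\x00" else ch for ch in value
    )


def user_filter(username_attribute: str, username: str) -> str:
    """The lookup filter: (<User Name Attribute>=<escaped username>)."""
    return f"({username_attribute}={escape_filter_value(username)})"


def split_dn(dn: str) -> List[str]:
    """Split a DN into normalised RDNs (types and values lower-cased, spaces
    trimmed). Keeps '\\,' escape pairs inside values; full RFC 4514 parsing
    is out of scope for this example."""
    rdns, cur, i = [], [], 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):      # keep escape pairs intact
            cur.append(dn[i:i + 2])
            i += 2
            continue
        if ch == ",":
            rdns.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
        i += 1
    rdns.append("".join(cur))
    out = []
    for rdn in rdns:
        attr_type, _, attr_value = rdn.strip().partition("=")
        out.append(f"{attr_type.strip().lower()}={attr_value.strip().lower()}")
    return out


def in_scope(entry_dn: str, base_dn: str, scope: str) -> bool:
    """Would a search rooted at base_dn with this Scope return entry_dn?
    Semantics follow RFC 4511 for Base object / One level / Subtree and the
    subordinate-subtree extension for Children (below the base, base excluded)."""
    entry, base = split_dn(entry_dn), split_dn(base_dn)
    if len(entry) < len(base) or entry[len(entry) - len(base):] != base:
        return False                     # not at or under the Base DN
    depth = len(entry) - len(base)       # 0 is the Base DN entry itself
    if scope == "Base object":
        return depth == 0
    if scope == "One level":
        return depth == 1
    if scope == "Subtree":
        return True
    if scope == "Children":
        return depth >= 1
    raise ValueError(f"unknown scope: {scope!r}")


# Constructed directory for the example, reusing the page's ah-lab.com names.
DIRECTORY = [
    "CN=Users,DC=ah-lab,DC=com",
    "CN=A3User,CN=Users,DC=ah-lab,DC=com",
    "CN=jdoe,CN=Users,DC=ah-lab,DC=com",
    "CN=jdoe,CN=Contractors,CN=Users,DC=ah-lab,DC=com",
    "CN=svc-backup,OU=Service,DC=ah-lab,DC=com",
]


def search(base_dn: str, scope: str, entries=DIRECTORY) -> List[str]:
    """Entries of the constructed directory visible to this Base DN / Scope."""
    return [dn for dn in entries if in_scope(dn, base_dn, scope)]


if __name__ == "__main__":
    print(parse_hosts("ad.company.com,ad1.company.com:389", "Start TLS"))
    print(user_filter("sAMAccountName", "jdoe)(objectClass=*"))
    for s in ("Base object", "One level", "Subtree", "Children"):
        print(s, "->", search("CN=Users,DC=ah-lab,DC=com", s))
```

Two points the run makes concrete. With the page's Base DN of CN=Users,DC=ah-lab,DC=com, One level finds the `jdoe` directly under Users but not the `jdoe` nested one container deeper, so an account in a nested container or OU needs Subtree (or Children, which is Subtree minus the base entry). And the escaped filter shows why the value taken from the User Name Attribute lookup must never be interpolated raw: the injected `)(objectClass=*` survives only as `\29\28objectClass=\2a`, which matches nothing but a literal account of that name.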

Copyright © 2021 Extreme Networks. All rights reserved. Published April 2021.