LDAP Schema Definition Settings

Describes how entries are organized in the LDAP server. The LDAP schema definition consists of the object classes and attributes used to find user and host entries in an LDAP directory.

Table 1. LDAP Schema Definition Settings

User Object Class
  Name of the object class for user entries.

User Search Attribute
  Name of the attribute in the user object class that contains the user's login ID.

Keep Domain Name for User Lookup
  Use the full username, including its domain part, when looking up the user in LDAP. For example, select this option when the User Search Attribute is userPrincipalName.

User Authentication Type
  Specifies how the user is authenticated. Valid values are:
  • LDAP Bind – Only works with a plain text password. It is useful for authentication from the captive portal but does not work with most 802.1X authentication types.
  • NTLM Auth – This option is only useful when the backend LDAP server is a Microsoft Active Directory server. It is an extension to LDAP bind that uses ntlm_auth to verify the NT hash challenge responses from a client in MsCHAP, MsCHAPV2, and PEAP requests.
  • NT Hash Password Lookup – If the LDAP server stores the user's password as an NT hash that is readable by another system, Identity and Access can read the hash from the LDAP server to verify the hashes within an MsCHAP, MsCHAPV2, or PEAP request.
  • Plain Text Password Lookup – If the LDAP server stores the user's password unencrypted and that attribute can be read via an LDAP request, this option reads the user's password from the server at the time of authentication. It can be used with any authentication type that requires a password.

User Password Attribute
  Name of the attribute that holds the user's password; used with the NT Hash Password Lookup and Plain Text Password Lookup options listed above.

Host Search Class
  Name of the object class for host entries.

Host Search Attribute
  Name of the attribute in the host object class that contains the hostname.

Use Fully Qualified Domain Name
  Select this option to look up hosts by Fully Qualified Domain Name (FQDN). Clear it to use the hostname without the domain part.

OU Object Classes
  Object classes used for Organizational Unit (OU) entries.
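The settings above are, in effect, the inputs to the LDAP search filter the server builds when it looks up a user or a host. The following is an added example, not code from the product documented here, that shows how those fields combine into a filter: the object class and search attribute become the two terms of an AND filter, Keep Domain Name for User Lookup decides whether a DOMAIN\user or user@domain login is passed through unchanged or reduced to its bare username, and Use Fully Qualified Domain Name does the same for hostnames. Every value is escaped per RFC 4515 before it is placed in the filter, so a login ID containing filter metacharacters cannot widen the search. The dictionary keys, the sample schemas and the sample logins are assumptions made for this example.

```python
# RFC 4515 escaping: the characters that carry meaning inside an LDAP
# search filter are replaced by a backslash and their two-digit hex code.
_FILTER_SPECIALS = "\\*()\x00"


def escape_filter_value(value: str) -> str:
    """Escape a value so it is matched literally inside an LDAP filter."""
    return "".join(
        "\\%02x" % ord(ch) if ch in _FILTER_SPECIALS else ch for ch in value
    )


def normalize_login(login: str, keep_domain_name: bool) -> str:
    """Apply the 'Keep Domain Name for User Lookup' setting.

    With the option set, the login is used as typed (needed when the
    search attribute is userPrincipalName).  With it cleared, the
    DOMAIN\\user and user@domain forms are reduced to the bare username.
    """
    if keep_domain_name:
        return login
    if "\\" in login:
        return login.split("\\", 1)[1]
    if "@" in login:
        return login.split("@", 1)[0]
    return login


def normalize_hostname(hostname: str, use_fqdn: bool) -> str:
    """Apply the 'Use Fully Qualified Domain Name' setting to a hostname."""
    return hostname if use_fqdn else hostname.split(".", 1)[0]


def user_search_filter(schema: dict, login: str) -> str:
    """Build the filter used to locate a user entry from the schema settings."""
    value = normalize_login(login, schema["keep_domain_name"])
    return "(&(objectClass=%s)(%s=%s))" % (
        escape_filter_value(schema["user_object_class"]),
        escape_filter_value(schema["user_search_attribute"]),
        escape_filter_value(value),
    )


def host_search_filter(schema: dict, hostname: str) -> str:
    """Build the filter used to locate a host entry from the schema settings."""
    value = normalize_hostname(hostname, schema["use_fqdn"])
    return "(&(objectClass=%s)(%s=%s))" % (
        escape_filter_value(schema["host_search_class"]),
        escape_filter_value(schema["host_search_attribute"]),
        escape_filter_value(value),
    )


# Constructed sample schemas (assumptions for this example, not product defaults).
AD_SCHEMA = {
    "user_object_class": "user",
    "user_search_attribute": "userPrincipalName",
    "keep_domain_name": True,
    "host_search_class": "computer",
    "host_search_attribute": "dNSHostName",
    "use_fqdn": True,
}

POSIX_SCHEMA = {
    "user_object_class": "posixAccount",
    "user_search_attribute": "uid",
    "keep_domain_name": False,
    "host_search_class": "ipHost",
    "host_search_attribute": "cn",
    "use_fqdn": False,
}


if __name__ == "__main__":
    print(user_search_filter(AD_SCHEMA, "alice@corp.example"))
    print(user_search_filter(POSIX_SCHEMA, "CORP\\alice"))
    # A login carrying filter metacharacters is matched literally, not as a wildcard.
    print(user_search_filter(POSIX_SCHEMA, "*)(uid=*"))
    print(host_search_filter(AD_SCHEMA, "ws01.corp.example"))
    print(host_search_filter(POSIX_SCHEMA, "ws01.corp.example"))
```

The escaping step is the part worth keeping in mind when checking a deployment: a lookup that pastes the login ID into the filter unescaped would let a client-supplied value change the filter's structure, so the equivalent of `escape_filter_value` should sit between every externally supplied value and the filter string.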