Specifications

The next tab, ‘Role Schema’, requires role information so the appliance can link to the correct role classes at run time.
Role class: The LDAP object class used to represent a role.
Rolename attribute: The attribute of the role class that holds the role’s name, if one exists.
Role membership attribute: The attribute of the role class that lists the role’s members, if one exists.
Role membership contains DN?: Check this box if each value of the role membership attribute is a distinguished name, i.e. it refers to another object in the directory (typically the member’s user entry). Leave it unchecked if the attribute holds a plain value, such as a user name, rather than a DN. The setting must match how the directory actually stores membership; otherwise the appliance cannot match users to their roles.
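The following is an added illustration of how the four Role Schema settings drive role lookup; it is not the appliance’s own code. The directory is a constructed in-memory dictionary rather than a live LDAP server, the field names role_class, rolename_attr, membership_attr and membership_is_dn are assumed labels for the four settings, and the DN comparison is a deliberate simplification (lower-casing and trimming each RDN) of full DN matching.

```python
"""Resolve a user's roles under a configured Role Schema.

Added example for this page, not the appliance's code.  The directory
below is constructed; a real deployment would search LDAP instead.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class RoleSchema:
    role_class: str          # LDAP object class that represents a Role
    rolename_attr: str       # attribute of that class holding the role name
    membership_attr: str     # attribute of that class listing members
    membership_is_dn: bool   # True: members are DNs; False: plain values (e.g. uid)


# Constructed sample directory: DN -> attributes (multi-valued, like LDAP).
DIRECTORY = {
    "uid=alice,ou=people,dc=example,dc=com": {
        "objectClass": ["inetOrgPerson"], "uid": ["alice"]},
    "uid=bob,ou=people,dc=example,dc=com": {
        "objectClass": ["inetOrgPerson"], "uid": ["bob"]},
    # Roles whose membership attribute holds DNs
    "cn=admins,ou=roles,dc=example,dc=com": {
        "objectClass": ["groupOfNames"], "cn": ["admins"],
        "member": ["uid=alice,ou=people,dc=example,dc=com"]},
    "cn=auditors,ou=roles,dc=example,dc=com": {
        "objectClass": ["groupOfNames"], "cn": ["auditors"],
        "member": ["uid=alice,ou=people,dc=example,dc=com",
                   "uid=bob,ou=people,dc=example,dc=com"]},
    # Same DN written with different case and spacing: must still match
    "cn=ops,ou=roles,dc=example,dc=com": {
        "objectClass": ["groupOfNames"], "cn": ["ops"],
        "member": ["UID=Bob, OU=People, DC=example, DC=com"]},
    # Role whose membership attribute holds plain user names, not DNs
    "cn=staff,ou=roles,dc=example,dc=com": {
        "objectClass": ["posixGroup"], "cn": ["staff"],
        "memberUid": ["bob"]},
}


def _normalise_dn(dn):
    """Simplified DN normalisation: trim and lower-case each RDN (assumption)."""
    return ",".join(part.strip().lower() for part in dn.split(","))


def roles_for_user(directory, schema, user_dn, value_attr="uid"):
    """Return the sorted role names whose membership attribute names the user.

    With membership_is_dn set, membership values are compared against the
    user's DN; otherwise they are compared against the user's value_attr.
    """
    user = directory.get(user_dn)
    if user is None:
        raise KeyError(f"no such entry: {user_dn}")
    if schema.membership_is_dn:
        wanted = {_normalise_dn(user_dn)}
        norm = _normalise_dn
    else:
        wanted = set(user.get(value_attr, []))
        norm = lambda v: v  # plain values are compared verbatim
    roles = []
    for attrs in directory.values():
        if schema.role_class not in attrs.get("objectClass", []):
            continue  # not a Role object under this schema
        members = {norm(v) for v in attrs.get(schema.membership_attr, [])}
        if members & wanted:
            roles.extend(attrs.get(schema.rolename_attr, []))
    return sorted(roles)


if __name__ == "__main__":
    dn_schema = RoleSchema("groupOfNames", "cn", "member", membership_is_dn=True)
    value_schema = RoleSchema("posixGroup", "cn", "memberUid", membership_is_dn=False)
    alice = "uid=alice,ou=people,dc=example,dc=com"
    bob = "uid=bob,ou=people,dc=example,dc=com"
    print(roles_for_user(DIRECTORY, dn_schema, alice))    # ['admins', 'auditors']
    print(roles_for_user(DIRECTORY, dn_schema, bob))      # ['auditors', 'ops']
    print(roles_for_user(DIRECTORY, value_schema, bob))   # ['staff']
    # Box left unchecked although the attribute holds DNs: nothing matches
    wrong = RoleSchema("groupOfNames", "cn", "member", membership_is_dn=False)
    print(roles_for_user(DIRECTORY, wrong, alice))        # []
```

The last call shows the practical effect of getting the ‘contains DN?’ box wrong: the membership values are DNs but are compared against the bare uid, so the user ends up with no roles at all.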
The final tab, Options, allows an advanced user to fine-tune LDAP operations.
Connection timeout: The timeout applied to Active Directory connections.
Max Cache Objects: The maximum number of directory objects the appliance caches. Typically one object is cached per user and one per group, so the number of users plus the number of groups is a good guide; for a large directory set this correspondingly high. If the value is too low, some users may be unable to log in.
Page Size: The number of objects returned in each paged LDAP request. The default is acceptable in most cases.
User/Group details Cache TTL: The ‘Time to Live’ for cached user and group details; it must be greater than 10 seconds. With the default of 300 seconds, Active Directory user information is held in the cache for 5 minutes and then discarded; the next action that needs it fetches the details again and caches them for another 300 seconds. Too low a value causes severe delays in processing any action, because the appliance continually re-fetches data from the domain controller.
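To make the two cache settings concrete, here is an added model of the behaviour described above, written for this page and not taken from the appliance. A fetch counter stands in for round-trips to the domain controller, a fake clock replaces wall time so the run is deterministic, and the eviction policy (least recently used) and the ‘greater than 10 seconds’ TTL check are assumptions about how such a cache would reasonably be implemented.

```python
"""Model of the Options tab's cache: a bounded, TTL-expiring object cache.

Added example for this page, not the appliance's code.  Fetches to the
domain controller are simulated; the clock is injected so tests are stable.
"""
from collections import OrderedDict

MIN_TTL_SECONDS = 10  # the page states the TTL must be greater than 10 s


def ttl_is_valid(ttl_seconds):
    """True if the TTL satisfies the documented lower bound."""
    return ttl_seconds > MIN_TTL_SECONDS


def recommended_max_objects(user_count, group_count):
    """Sizing rule from the page: one cached object per user plus one per group."""
    return user_count + group_count


class DirectoryCache:
    def __init__(self, max_objects, ttl_seconds, fetch, clock):
        if not ttl_is_valid(ttl_seconds):
            raise ValueError(f"cache TTL must be greater than {MIN_TTL_SECONDS}s")
        if max_objects < 1:
            raise ValueError("max_objects must be at least 1")
        self.max_objects = max_objects
        self.ttl = ttl_seconds
        self.fetch = fetch              # callable(key) -> object (the DC lookup)
        self.clock = clock              # callable() -> seconds
        self._entries = OrderedDict()   # key -> (expires_at, value); LRU order
        self.fetches = 0                # simulated domain-controller round-trips
        self.evictions = 0              # objects dropped because the cache is full

    def get(self, key):
        now = self.clock()
        hit = self._entries.get(key)
        if hit is not None and hit[0] > now:
            self._entries.move_to_end(key)  # fresh hit: mark as recently used
            return hit[1]
        value = self.fetch(key)             # miss or expired: go to the DC
        self.fetches += 1
        self._entries[key] = (now + self.ttl, value)
        self._entries.move_to_end(key)
        while len(self._entries) > self.max_objects:
            self._entries.popitem(last=False)  # evict least recently used (assumed policy)
            self.evictions += 1
        return value


def simulate(max_objects, ttl_seconds, principals, rounds, step_seconds):
    """Look up every principal once per round; return (fetches, evictions).

    The fake clock advances by step_seconds after each round, so a TTL
    shorter than the step means every round re-fetches everything.
    """
    clock = {"t": 0}
    cache = DirectoryCache(max_objects, ttl_seconds,
                           fetch=lambda k: {"dn": k}, clock=lambda: clock["t"])
    for _ in range(rounds):
        for p in principals:
            cache.get(p)
        clock["t"] += step_seconds
    return cache.fetches, cache.evictions


if __name__ == "__main__":
    users = [f"user{i}" for i in range(5)]
    groups = ["group0", "group1"]
    principals = users + groups
    size = recommended_max_objects(len(users), len(groups))       # 7
    print(simulate(size, 300, principals, rounds=3, step_seconds=60))  # (7, 0)
    # Cache sized below users+groups: every round thrashes the DC
    print(simulate(3, 300, principals, rounds=3, step_seconds=60))     # (21, 18)
    # TTL shorter than the interval between actions: every round re-fetches
    print(simulate(size, 11, principals, rounds=3, step_seconds=60))   # (21, 0)
```

The three runs show the two failure modes the page warns about: an undersized cache evicts entries before they are reused, and a TTL shorter than the gap between actions expires them, so either way every action goes back to the domain controller.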
Configuring NIS User Database
There is one tab for the configuration of the UNIX user database:
Hostname: The hostname of the NIS (UNIX) server.
Domain name: The NIS (UNIX) domain name.
Refresh interval: Remote accounts and groups are cached. This value is the interval (in minutes) between updates.
Include Local Accounts: If selected, local accounts are also included in the list of available accounts. This only works on UNIX-like systems that have an /etc/passwd and/or /etc/shadow file.
Include Local Groups: If selected, local groups are also included in the list of available groups. This only works on UNIX-like systems that have an /etc/group file.
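The following added example shows what the NIS tab’s options amount to in practice: parsing passwd(5)- and group(5)-formatted data, merging the remote (NIS) maps with local entries when the ‘Include Local …’ options are on, and re-reading the sources on the refresh interval. It is written for this page and is not the appliance’s code; the NIS and local file contents are constructed, and the rule that a remote entry wins over a local entry of the same name is an assumption (the page does not say how collisions are resolved).

```python
"""Merge NIS-served accounts/groups with local /etc/passwd and /etc/group.

Added example for this page, not the appliance's code.  All input below is
constructed; a real implementation would read the files and `ypcat` output.
"""

# Constructed sample of NIS passwd/group maps (as `ypcat passwd`/`ypcat group` print them).
NIS_PASSWD = ("alice:x:2001:2001:Alice:/home/alice:/bin/bash\n"
              "bob:x:2002:2001:Bob:/home/bob:/bin/bash\n")
NIS_GROUP = "devs:x:2001:alice,bob\n"

# Constructed sample of local /etc/passwd and /etc/group contents.
LOCAL_PASSWD = ("root:x:0:0:root:/root:/bin/bash\n"
                "alice:x:1000:1000:Alice Local:/home/alice:/bin/zsh\n"
                "nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin\n")
LOCAL_GROUP = "root:x:0:\nadm:x:4:alice\ndevs:x:1000:\n"


def parse_passwd(text):
    """Return {name: (uid, gid)} from passwd(5) text; malformed lines are skipped."""
    users = {}
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            continue  # passwd(5) has exactly seven colon-separated fields
        name, _, uid, gid = fields[:4]
        try:
            users[name] = (int(uid), int(gid))
        except ValueError:
            continue  # non-numeric uid/gid: treat as malformed
    return users


def parse_group(text):
    """Return {name: (gid, frozenset(members))} from group(5) text."""
    groups = {}
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 4:
            continue  # group(5) has exactly four colon-separated fields
        name, _, gid, members = fields
        try:
            gid = int(gid)
        except ValueError:
            continue
        groups[name] = (gid, frozenset(m for m in members.split(",") if m))
    return groups


def merge(remote, local, include_local):
    """Remote entries first; local ones fill in only if enabled (assumed precedence)."""
    merged = dict(remote)
    if include_local:
        for name, entry in local.items():
            merged.setdefault(name, entry)
    return merged


class AccountDirectory:
    """Caches the merged lists and re-reads the sources every refresh_minutes."""

    def __init__(self, sources, refresh_minutes, include_local_accounts,
                 include_local_groups, clock):
        self.sources = sources  # callable() -> (nis_passwd, nis_group, local_passwd, local_group)
        self.refresh = refresh_minutes * 60
        self.include_local_accounts = include_local_accounts
        self.include_local_groups = include_local_groups
        self.clock = clock      # callable() -> seconds
        self.loaded_at = None
        self.loads = 0          # how many times the sources were (re)read
        self.accounts, self.groups = {}, {}

    def _maybe_refresh(self):
        now = self.clock()
        if self.loaded_at is not None and now - self.loaded_at < self.refresh:
            return  # still within the refresh interval
        nis_p, nis_g, loc_p, loc_g = self.sources()
        self.accounts = merge(parse_passwd(nis_p), parse_passwd(loc_p),
                              self.include_local_accounts)
        self.groups = merge(parse_group(nis_g), parse_group(loc_g),
                            self.include_local_groups)
        self.loaded_at, self.loads = now, self.loads + 1

    def account_names(self):
        self._maybe_refresh()
        return sorted(self.accounts)

    def group_names(self):
        self._maybe_refresh()
        return sorted(self.groups)


if __name__ == "__main__":
    sources = lambda: (NIS_PASSWD, NIS_GROUP, LOCAL_PASSWD, LOCAL_GROUP)
    with_local = AccountDirectory(sources, 5, True, True, clock=lambda: 0)
    print(with_local.account_names())  # ['alice', 'bob', 'nobody', 'root']
    print(with_local.group_names())    # ['adm', 'devs', 'root']
    nis_only = AccountDirectory(sources, 5, False, False, clock=lambda: 0)
    print(nis_only.account_names())    # ['alice', 'bob']
```

Note the name collision on alice and devs: both exist locally and in NIS with different ids, and the merge keeps the NIS entry, which is why a deployment enabling the local options should check for such overlaps before relying on the resulting account list.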