Specifications

Copyright © 2009, 2010, 2011 Black Box Network Services
724-746-5500 | blackbox.com 129
Setup
You must enter the Primary LDAP server hostname and port and choose the Server Encryption.
The Server Encryption can be one of:
None (LDAP) - no encryption - passwords are sent in the clear - standard LDAP port is 389.
SSL (LDAPS) - all communications with the LDAP server are encrypted - standard LDAP port is 636.
TLS (LDAP over TLS) - all communications with the LDAP server are encrypted - standard LDAP port is 389.
The CA Certificate (Certification Authority Certificate) is required when SSL or TLS encryption is used. The certificate
must be in PEM format.
Note: Microsoft Active Directory does not support LDAP over TLS, and by default LDAPS requires additional configuration
of the Active Directory server.
Fallback user
The Fallback User can always log in to the iCOMPEL and perform management tasks, even when LDAP authentication is
not working.
Enter the Fallback User Username and Password that you wish to use to manage the iCOMPEL in the event of problems
with the LDAP setup.
Recommendation: Use a very strong password for the Fallback User password.
Bind
Select Allow Anonymous Bind to use anonymous binding to the LDAP server. Otherwise select Bind using DN: and fill in
the Bind Username and Bind Password.
For example the Bind Username is a Distinguished Name (DN) like: cn=Manager,dc=yourdomain,dc=com.
FTP User
The information in this section is used to authenticate users and give them permission to gain FTP Read/Write access to
the iCOMPEL.
You will need to know how to find the user object in the directory that corresponds to the username given to FTP.
Set the Login Username Attribute to the attribute that contains the username given to FTP.
Active Directory Note: Typically this is the "sAMAccountName" attribute.
Posix Scheme Directory Note: Typically this is the "uid" attribute.
Enter the LDAP filter that will match a user object in the directory into the User Filter field. Use "%s" where you want the
filter to contain the username of the user that is logging in.
Recommendation: If possible add checks for group membership to control which users can access FTP on the iCOMPEL.
Active Directory Example: (&(sAMAccountName=%s)(objectclass=user)(memberOf=CN=iCOMPEL ftp access,OU=Security Groups,DC=yourdomain,DC=com))
Posix Scheme Directory example: (&(uid=%s)(objectclass=posixAccount))
The Scope can be set to One Level or Subtree and limits how far the LDAP search for the user object extends, starting from the
Base DN.
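As an added example (not taken from the iCOMPEL manual or from Black Box), the following Python shows the two operations the User Filter and Scope settings describe: substituting the login name into a filter template at "%s" while escaping it per RFC 4515, so that characters in a submitted username cannot change the filter's structure, and deciding which entries under the Base DN a One Level or Subtree search would examine. The directory entries, DNs and sAMAccountName values are constructed samples, and the DN splitting is a simplified assumption (it handles backslash-escaped commas only, and compares RDNs case-insensitively).

```python
"""Added example: User Filter substitution with RFC 4515 escaping, plus a
One Level / Subtree scope check. Not code from the iCOMPEL product."""

# RFC 4515 section 3: these characters must be escaped inside a filter value.
_ESCAPES = {
    "\\": r"\5c",
    "*": r"\2a",
    "(": r"\28",
    ")": r"\29",
    "\x00": r"\00",
}


def escape_filter_value(value: str) -> str:
    """Escape a value that will be placed inside an LDAP search filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def build_user_filter(template: str, username: str) -> str:
    """Replace every "%s" in the User Filter template with the escaped username."""
    if "%s" not in template:
        raise ValueError('User Filter template must contain "%s"')
    return template.replace("%s", escape_filter_value(username))


def _split_dn(dn: str) -> list:
    """Split a DN into RDNs on unescaped commas (simplified; assumption)."""
    parts, cur, i = [], [], 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):   # keep escaped pairs intact
            cur.append(dn[i:i + 2])
            i += 2
            continue
        if ch == ",":
            parts.append("".join(cur).strip())
            cur = []
        else:
            cur.append(ch)
        i += 1
    parts.append("".join(cur).strip())
    return [p.lower() for p in parts]


def in_scope(entry_dn: str, base_dn: str, scope: str) -> bool:
    """True if a search from base_dn with the given Scope would examine entry_dn.

    "one" = One Level: only the direct children of the Base DN.
    "sub" = Subtree: the Base DN itself and every entry beneath it.
    """
    entry, base = _split_dn(entry_dn), _split_dn(base_dn)
    if len(entry) < len(base) or entry[len(entry) - len(base):] != base:
        return False                          # not under the Base DN at all
    depth = len(entry) - len(base)
    if scope == "one":
        return depth == 1
    if scope == "sub":
        return True
    raise ValueError("scope must be 'one' or 'sub'")


# Constructed sample directory: DN -> attributes (not a real directory).
SAMPLE_ENTRIES = {
    "CN=alice,OU=Staff,DC=yourdomain,DC=com": {"sAMAccountName": "alice"},
    "CN=bob,OU=Contractors,OU=Staff,DC=yourdomain,DC=com": {"sAMAccountName": "bob"},
    "CN=carol,OU=Guests,DC=yourdomain,DC=com": {"sAMAccountName": "carol"},
}


def searched_entries(base_dn: str, scope: str) -> list:
    """Return the sample DNs a search with this Base DN and Scope would cover."""
    return sorted(dn for dn in SAMPLE_ENTRIES if in_scope(dn, base_dn, scope))


if __name__ == "__main__":
    tmpl = "(&(sAMAccountName=%s)(objectclass=user))"
    print(build_user_filter(tmpl, "alice"))
    print(build_user_filter(tmpl, "Smith (Contractor)"))   # parentheses escaped
    print(searched_entries("OU=Staff,DC=yourdomain,DC=com", "one"))
    print(searched_entries("OU=Staff,DC=yourdomain,DC=com", "sub"))
```

With Scope set to One Level and a Base DN of OU=Staff, only alice is found; bob sits one level deeper under OU=Contractors and is only reached with Subtree. The escaping step matters because the iCOMPEL substitutes whatever username was typed at the FTP or HTTP prompt into the filter at "%s".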
HTTP User
The information in this section is used to authenticate users to use the Web Interface of the iCOMPEL. Permissions are
setup in the next section.
You will need to know how to find the user object in the directory that corresponds to the username given to HTTP.
Set the Login Username Attribute to the attribute that contains the username given to HTTP.
Active Directory Note: Typically this is the "sAMAccountName" attribute.