User Manual Part 4

Administration Tab
SpectraGuard® Enterprise User Guide
Base Distinguished Name: Specifies the base distinguished name of the directory to which you
want to connect, for example, o=democorp, c=au.
Note: Distinguished Name is a unique identifier of an entry in the Directory Information Tree (DIT). The name is
the concatenation of Relative Distinguished Names (RDNs) from the top of the DIT down to the entry in question.
User ID Attribute: Specifies the user ID attribute string that the system uses to identify the user, as
defined in your LDAP schema.
(Default: cn)
User Role Attribute: Specifies the user role attribute string that the system uses to identify the
user’s role, as defined in your LDAP schema.
User Location Attribute: Specifies the user location attribute string that the system uses to identify
the locations where the user is allowed access, as defined in your LDAP schema.
Filter String: Specifies certain attributes, existing or new, that you can use for different users, based
on which the server filters the users, for example, (IsUser=A). This feature can help restrict the use
of the system to a certain set of users.
Default Privileges for LDAP Users: This section specifies the default role and the default locations assigned
when new LDAP users log in, for the case where the role and locations attributes are not provided by the
LDAP server. Note that the default values here apply to all users authenticated via LDAP. Specific default
values can also be provided for specific LDAP users using the Edit User dialog. If the LDAP server provides
the user role and locations attributes at the time of authentication, the attributes provided by the LDAP server
will override the default role and locations attributes.
User Role: Enables you to specify the default role for the new LDAP users. You can select one of
the following four options. The default user role is Viewer.
1. Superuser
2. Administrator
3. Operator
4. Viewer
Locations: Displays the list of locations to which a new LDAP user has access rights.
Click Change… to open the Assign Locations dialog. Here, you can view the complete list of
locations and select the locations to which the LDAP user can have access rights. Click OK to
assign the selected location(s) to the user.
LDAP Authentication Details: Specify user credentials required to search the LDAP compliant directory.
This is required only in case the directory does not allow anonymous search.
Select Authentication Required to search LDAP? if the LDAP server requires administrator login
to search the LDAP compliant directory. Specify the Admin User DN and Password to log in.
If you select Append Base DN, the Base Distinguished Name specified in LDAP Configuration
Details is appended to the Admin User DN.
Test Settings: Enables you to test whether the specified settings are correct. To verify the settings, enter the
User Name and Password for a specific user and click <Test>.
Note: Test is not available unless you change the settings. Apply is unavailable until you use Test.
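The following is an added sketch, not SpectraGuard Enterprise code, of how the LDAP settings above typically fit together at login: the bind DN with Append Base DN, the user search filter with escaped input, and directory attributes overriding the default privileges. The way the Filter String is ANDed with the user ID match, the attribute names role and loc, the admin DN cn=admin, and the rejection of unknown role values are assumptions.

```python
# Illustrative model of the LDAP settings described above; not product code.
ROLES = ("Superuser", "Administrator", "Operator", "Viewer")

def escape_filter_value(value):
    """Escape user input for an LDAP search filter (RFC 4515 special characters)."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def bind_dn(admin_user_dn, base_dn, append_base_dn):
    """Admin User DN, with the Base Distinguished Name appended if Append Base DN is set."""
    return f"{admin_user_dn},{base_dn}" if append_base_dn else admin_user_dn

def user_search_filter(user_id_attr, user_name, filter_string=""):
    """Match the User ID Attribute; AND it with the Filter String (assumed combination)."""
    match = f"({user_id_attr}={escape_filter_value(user_name)})"
    return f"(&{match}{filter_string})" if filter_string else match

def effective_privileges(entry, role_attr, location_attr, default_role, default_locations):
    """Role and locations from the directory entry override the configured defaults."""
    roles = entry.get(role_attr) or [default_role]
    if roles[0] not in ROLES:
        # Assumption: an unrecognised role value is rejected rather than mapped.
        raise ValueError(f"unknown role: {roles[0]!r}")
    locations = list(entry.get(location_attr) or default_locations)
    return roles[0], locations

if __name__ == "__main__":
    base = "o=democorp, c=au"  # Base DN example from the manual
    print(bind_dn("cn=admin", base, append_base_dn=True))  # constructed admin DN
    print(user_search_filter("cn", "alice", "(IsUser=A)"))
    print(user_search_filter("cn", "a*(b)"))  # filter metacharacters are escaped
    # Constructed entries: one without role/location attributes, one with them.
    print(effective_privileges({}, "role", "loc", "Viewer", ["HQ"]))
    print(effective_privileges({"role": ["Operator"], "loc": ["Lab"]},
                               "role", "loc", "Viewer", ["HQ"]))
```

Because the default role applies to every LDAP-authenticated user whose entry carries no role attribute, keeping it at Viewer and narrowing the Filter String limits what an unexpected directory account receives.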
RADIUS Server Configuration
The system can use a RADIUS server to facilitate user authentication. The RADIUS Configuration screen is used to
configure the RADIUS server access parameters.