Network Access Switch Owner's Manual
Configuring authentication 193
Table 37
Configuring LDAP settings (cont’d.)
/cfg/domain #/aaa/auth #/ldap
followed by:
enashortgr
Enables the short group format.
Configures the NVG to extract the first part of
a returned Distinguished Name (DN) as the
group name to be used. This makes it easier
to configure the group name in the VPN than
to configure the entire DN string as the group name.
groupsearc
the LDAP Group Search menu.
adv
the Advanced LDAP menu.
Managing LDAP authentication servers
You can configure additional LDAP servers for the domain, for
redundancy. You can have a maximum of three LDAP authentication
servers in the configuration. You can control the order in which the LDAP
servers respond to authentication requests.
If there is more than one LDAP server configured for the Nortel SNAS
domain, the first accessible LDAP server in the list returns a reply to
the query. This stops the query, regardless of whether or not the client’s
credentials were matched. If you add more than one LDAP server to the
domain, for redundancy, ensure that each listed LDAP server contains the
same SSL domain client database.
If the Nortel SNAS clients are dispersed in different LDAP server
databases, you can configure the LDAP servers as separate authentication
methods, with different authentication IDs. If you include all LDAP
authentication IDs in the authentication order, each LDAP server will be
used to authenticate client groups.
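The following Python model is an added example, not Nortel SNAS code. It contrasts the two layouts described above: redundant servers under one authentication ID, where the first accessible server's reply is final, and separate authentication IDs. The server names, users and passwords are constructed, and the fall-through of a rejected login to the next authentication ID is an assumption.

```python
from dataclasses import dataclass, field

@dataclass
class LdapServer:
    name: str
    reachable: bool
    users: dict = field(default_factory=dict)  # constructed: username -> password

def auth_method(servers, user, password):
    """One LDAP authentication ID with redundant servers: the first
    accessible server replies and the query stops, match or no match."""
    if len(servers) > 3:
        raise ValueError("at most three LDAP servers per configuration")
    for server in servers:
        if server.reachable:
            ok = user in server.users and server.users[user] == password
            return ok, server.name
    return False, None  # no server was accessible

def auth_order(methods, user, password):
    """Separate authentication IDs tried in order. Assumption: a reject
    falls through to the next ID in the authentication order."""
    for auth_id, servers in methods:
        accepted, _ = auth_method(servers, user, password)
        if accepted:
            return True, auth_id
    return False, None

def divergent_users(servers):
    """Users missing from at least one server in a redundant list."""
    everyone = set().union(*(s.users for s in servers))
    return sorted(u for u in everyone if any(u not in s.users for s in servers))

# Constructed sample data: bob exists only on the second server.
ldap_a = LdapServer("ldap-a", True, {"alice": "pw-alice"})
ldap_b = LdapServer("ldap-b", True, {"alice": "pw-alice", "bob": "pw-bob"})

if __name__ == "__main__":
    # Redundant list: ldap-a answers first, so bob is rejected.
    print(auth_method([ldap_a, ldap_b], "bob", "pw-bob"))
    # Separate authentication IDs: bob is accepted by ID 2.
    print(auth_order([(1, [ldap_a]), (2, [ldap_b])], "bob", "pw-bob"))
    # Audit: users whose login result depends on which server answers.
    print(divergent_users([ldap_a, ldap_b]))
```

A non-empty result from divergent_users means the redundant servers do not hold the same client database, so a login can succeed or fail depending on which server happens to be accessible.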
To enable LDAP authentication, ensure that the authentication ID that
represents the LDAP configuration is included in the authentication
order you have specified for the Nortel SNAS domain (see “Specifying
authentication fallback order” (page 209)).
To manage the LDAP servers used for client authentication in the domain,
use the following command:
/cfg/domain #/aaa/auth #/ldap/servers
The LDAP servers menu appears.
Nortel Secure Network Access Switch
Using the Command Line Interface
NN47230-100 03.01 Standard
28 July 2008
Copyright © 2007, 2008 Nortel Networks