114 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE
Distinguished Names for LDAP and AD
Configuring remotely authenticated users on LDAP or AD servers requires entering user
names and searches in Distinguished Name (DN) format. The full DN format is described in
RFC 2253.
For the purposes of this document, you need to know how to enter Distinguished Names and in
what order each component of the name should be listed.
A Distinguished Name for AD should follow this structure, but you do not have to
specify both common name and organizational unit:
common name (cn), organizational unit (ou), domain component (dc)
A DN for Netscape LDAP and eDirectory LDAP should follow this structure:
user id (uid), organizational unit (ou), organization (o)
Username
When you authenticate CC-SG users on an AD server by specifying
cn=administrator,cn=users,dc=xyz,dc=com as the username, a CC-SG user who is associated with
an imported AD group will be granted access with these credentials. Note that you can
specify more than one common name, organizational unit, and domain component.
Base DN
You also enter a Distinguished Name (DN) to specify where the search for users begins. Enter a
DN in the Base DN field to specify an AD container in which the users can be found. For
example, entering: ou=DCAdmins,ou=IT,dc=xyz,dc=com will search all users in the
DCAdmins and IT organizational units under the xyz.com domain.
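The component ordering described above can be checked before a DN is typed into the Username or Base DN field. The following is an added example, not code from CC-SG or from this guide; the function names are hypothetical, and it handles only backslash-escaped commas from RFC 2253 (no quoted values or multi-valued components).

```python
# Added example: checks DN component order as the guide describes it.
ORDER = {
    "ad": ["cn", "ou", "dc"],      # Active Directory structure from the guide
    "ldap": ["uid", "ou", "o"],    # Netscape LDAP / eDirectory structure
}

def split_rdns(dn):
    """Split a DN on unescaped commas (RFC 2253 escapes a comma as '\\,')."""
    parts, buf, escaped = [], [], False
    for ch in dn:
        if escaped:
            buf.append(ch)
            escaped = False
        elif ch == "\\":
            buf.append(ch)
            escaped = True
        elif ch == ",":
            parts.append("".join(buf).strip())
            buf = []
        else:
            buf.append(ch)
    if escaped:
        raise ValueError("dangling escape at end of DN")
    parts.append("".join(buf).strip())
    return parts

def parse_dn(dn, kind):
    """Return [(type, value), ...] or raise ValueError if the DN is malformed
    or its components are not in the order the guide gives for `kind`."""
    order = ORDER[kind]
    rdns, last_rank = [], 0
    for part in split_rdns(dn):
        attr, sep, value = part.partition("=")
        attr = attr.strip().lower()
        if not sep or not attr or not value.strip():
            raise ValueError(f"malformed component: {part!r}")
        if attr not in order:
            raise ValueError(f"unexpected attribute {attr!r} for {kind}")
        rank = order.index(attr)
        if rank < last_rank:
            raise ValueError(f"{attr!r} is out of order in {dn!r}")
        last_rank = rank
        rdns.append((attr, value.strip()))
    return rdns

def dns_domain(rdns):
    """Join the dc components into the DNS-style domain they represent."""
    return ".".join(v for a, v in rdns if a == "dc")
```

A DN that raises ValueError here has a typing or ordering mistake that would otherwise surface only as a failed lookup against the directory server.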
Specify Modules for Authentication and Authorization
Once you have added all the external servers as modules in CC-SG (see sections below for
instructions on adding AD, LDAP, TACACS+, and RADIUS modules), you specify whether you
want CC-SG to use each of them for either authentication, authorization, or both.
1. On the Administration menu, click Security. When the Security Manager screen appears,
click the General tab. All configured external authentication and authorization servers
display in the External AA Servers section.
2. For each server, check the Authentication checkbox if you want CC-SG to use the server for
authentication of users.
3. For each server, check the Authorization checkbox if you want CC-SG to use the server for
authorization of users. Only AD servers can be used for authorization.
4. Click Update to save your changes.