NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual
Authenticating Users
3-7
v1.1, November 2006
name="Administrator"
memberOf="CN=Terminal Server Computers,CN=Users,DC=netgear,DC=net"
objectClass="user"
msNPAllowDialin="FALSE"
LDAP Attribute Rules
• If multiple attributes are defined for a group, all attributes must be met by LDAP users.
• If no attributes are defined, then any user authorized by the LDAP server can be a member of the group.
• If multiple groups are defined and a user meets all the LDAP attributes for two groups, then the user will be considered part of the group with the most LDAP attributes defined. If the matching LDAP groups have an equal number of attributes, then the user will be considered a member of the group based on the alphabetical order of the groups.
• If an LDAP user fails to meet the LDAP attributes for all LDAP groups configured on the SSL VPN Concentrator, then the user will not be able to log into the portal. The LDAP attributes feature therefore not only lets the administrator create individual rules based on the LDAP group or organization, it also lets the administrator restrict portal login to certain LDAP users.
Sample LDAP Users and Attributes Settings
If you manually add a user to an LDAP group, then the user setting will take precedence over LDAP attributes.
For example: an LDAP attribute objectClass="Person" is defined for group Group1 and an LDAP attribute memberOf="CN=WINS Users,DC=netgear,DC=net" is defined for Group2.
• If user Jane is defined by an LDAP server as a member of the Person object class, but is not a member of the WINS Users group, Jane will be a member of the SSL VPN Concentrator Group1.
• But if the administrator manually adds the user Jane to the SSL VPN Concentrator Group2, then the LDAP attributes will be ignored and Jane will be a member of Group2.
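The group-selection rules above (all attributes must match, most attributes wins, alphabetical tie-break, no match denies login, manual membership overrides) worked through as an added example; this is illustration code, not NETGEAR firmware, and the data layout (attribute dicts, multi-valued attributes as lists, exact string comparison) is an assumption of the example.

```python
# Added illustration of the LDAP-attribute group rules; not NETGEAR code.
# Assumed model: group_rules maps group name -> {ldap_attr: required_value},
# user_attrs maps ldap_attr -> list of values (LDAP attributes such as
# memberOf are multi-valued), manual_members maps username -> group name.
# Values are compared exactly; real LDAP matching may be case-insensitive.

def attributes_match(user_attrs, required):
    """Rule 1: every required attribute must be present on the user.
    An empty rule set (rule 2) matches any authenticated LDAP user."""
    for name, value in required.items():
        actual = user_attrs.get(name, [])
        if isinstance(actual, str):
            actual = [actual]
        if value not in actual:
            return False
    return True

def resolve_group(user, user_attrs, group_rules, manual_members=None):
    """Return the SSL VPN group the user lands in, or None if login is denied."""
    manual_members = manual_members or {}
    # Manual user setting takes precedence over LDAP attribute matching.
    if user in manual_members:
        return manual_members[user]
    candidates = [g for g, req in group_rules.items()
                  if attributes_match(user_attrs, req)]
    if not candidates:
        return None  # fails the attributes of every group: cannot log in
    # Rule 3: most attributes wins; ties broken by alphabetical group name.
    return min(candidates, key=lambda g: (-len(group_rules[g]), g))

# Constructed sample data mirroring the page's Group1/Group2 example.
GROUP_RULES = {
    "Group1": {"objectClass": "Person"},
    "Group2": {"memberOf": "CN=WINS Users,DC=netgear,DC=net"},
}
JANE = {
    "objectClass": ["Person"],
    "memberOf": ["CN=Terminal Server Computers,CN=Users,DC=netgear,DC=net"],
}

if __name__ == "__main__":
    print(resolve_group("jane", JANE, GROUP_RULES))                     # Group1
    print(resolve_group("jane", JANE, GROUP_RULES, {"jane": "Group2"}))  # Group2
```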