
Authenticating Users Using LDAP

LDAP (Lightweight Directory Access Protocol) is an internet protocol for accessing distributed directory services. NetMRI can authenticate and authorize admin accounts by verifying user names and passwords against an LDAP directory. A directory service stores information as a collection of entries arranged in a hierarchical, tree-like structure called a Directory Information Tree (DIT). Each entry in the directory consists of a set of attributes, each of which describes an information type, such as a network domain, country, company, organization, person, and so on. Every entry has a globally unique Distinguished Name (DN) that typically represents the path to that entry in the directory tree. In your LDAP service configuration, you use values called Base DNs to navigate the directory structure and locate your user accounts for authentication and authorization.

NetMRI queries the LDAP server for the user account's group membership information. The appliance matches the remote group names from the LDAP server with the group names in its local database. NetMRI then authorizes services and grants admin privileges based on the matching admin group on the appliance.
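
The following added example (not NetMRI code) sketches the group-matching step described above: group DNs returned for a user are checked against a Base DN component by component, and the group name is compared with local group names. It assumes memberOf-style DN values, a case-insensitive name comparison, and hypothetical directory and group names.

```python
import re

def split_dn(dn):
    """Split a DN into RDNs on unescaped commas (RFC 4514 backslash escapes)."""
    return [r.strip() for r in re.findall(r"(?:\\.|[^,\\])+", dn)]

def normalize(rdn):
    """Return (attribute type, value) folded for case-insensitive comparison."""
    attr, _, val = rdn.partition("=")
    return attr.strip().lower(), val.strip().casefold()

def is_under_base(dn, base_dn):
    """True when the trailing RDNs of dn equal base_dn, compared per component."""
    d = [normalize(r) for r in split_dn(dn)]
    b = [normalize(r) for r in split_dn(base_dn)]
    # An empty base DN matches nothing, so a blank setting fails closed.
    return bool(b) and len(d) >= len(b) and d[len(d) - len(b):] == b

def group_name(dn):
    """Return the CN of the leading RDN with simple escapes removed, or None."""
    attr, _, val = split_dn(dn)[0].partition("=")
    if attr.strip().lower() != "cn":
        return None
    return re.sub(r"\\(.)", r"\1", val.strip())  # hex escapes (\2C) not decoded

def match_local_groups(member_of, group_base_dn, local_groups):
    """Map remote group DNs to local group names; empty list means no privileges."""
    by_key = {g.casefold(): g for g in local_groups}
    matched = set()
    for dn in member_of:
        # Groups outside the configured subtree are ignored (assumed policy).
        name = group_name(dn) if is_under_base(dn, group_base_dn) else None
        if name and name.casefold() in by_key:
            matched.add(by_key[name.casefold()])
    return sorted(matched)

# Constructed sample data; every DN and group name below is hypothetical.
BASE = "ou=Groups,dc=example,dc=com"
MEMBER_OF = [
    "CN=netmri-admins,OU=Groups,DC=example,DC=com",
    "CN=Ops\\, Tier 2,OU=Groups,DC=example,DC=com",     # escaped comma in the name
    "CN=auditors,OU=Contractors,DC=example,DC=com",     # outside the Base DN
]
LOCAL = ["NetMRI-Admins", "Ops, Tier 2", "Auditors"]

if __name__ == "__main__":
    print(match_local_groups(MEMBER_OF, BASE, LOCAL))
```

A user whose remote groups match no local group gets an empty list, so the caller should deny access rather than fall back to a default role.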