AAA Server Definition

Froydor
Froydor Posts: 6
First Anniversary First Comment
edited April 2021 in Security
I use OPENLDAP to authenticate my users in the VPN, however, while I have it working, it required me to shuffle my users around in the LDAP tree structure.  Originally, I have users in subtrees based on the office they were based out of.  As such, I have a branch named "Employees" with subtrees beneath for "Little Rock", "Baton Rouge", "Fayetteville", and "Chesterfield".  I found out, however, that, while the LDAP search did search the subtrees fine, I could not filter the results as only authorized employees should be allowed to use the VPN.  I found myself creating a new subtree called "VPN" and moving the authorized employees there as setting the baseDN to it, but that broke other item not related to the VPN.  Is there a way to set a filter attribute, for example, an OU attribute as a filter.  That way, only employees in the subtree with an OU=vpn would be returned?
Is the group Membership Attribute applicable here?

All Replies

  • Zyxel_Emily
    Zyxel_Emily Posts: 1,278  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer

    Hi @Froydor,

    You can add ext-group-user user objects to identify groups based on these group identifier values.

    Go to CONFIGURATION > Object > User/Group > User and click "Add".

    The user type "ext-group-user" allows you to group users by the value of the group membership attribute configured for the AD or LDAP server.


  • ChrisGer
    ChrisGer Posts: 205  Ally Member
    First Anniversary Friend Collector First Answer First Comment
    @Zyxel_Emily
    i found this question and i require also LDAP authentication on USG Firewalls but i found no document that show
    - configure user authentication on the USG to get access to dedicated destinations
    - configure admin access to the USG (like the local admin account on the USG).

    Is there any document existing, how to establish user and admin authentication trough openldap (actuall version).

    thx and gredards
    Chris

Security Highlight