AAA Server Definition
I use OPENLDAP to authenticate my users in the VPN, however, while I have it working, it required me to shuffle my users around in the LDAP tree structure. Originally, I have users in subtrees based on the office they were based out of. As such, I have a branch named "Employees" with subtrees beneath for "Little Rock", "Baton Rouge", "Fayetteville", and "Chesterfield". I found out, however, that, while the LDAP search did search the subtrees fine, I could not filter the results as only authorized employees should be allowed to use the VPN. I found myself creating a new subtree called "VPN" and moving the authorized employees there as setting the baseDN to it, but that broke other item not related to the VPN. Is there a way to set a filter attribute, for example, an OU attribute as a filter. That way, only employees in the subtree with an OU=vpn would be returned?
Is the group Membership Attribute applicable here?
Is the group Membership Attribute applicable here?
0
All Replies
-
Hi @Froydor,
You can add ext-group-user user objects to identify groups based on these group identifier values.
Go to CONFIGURATION > Object > User/Group > User and click "Add".
The user type "ext-group-user" allows you to group users by the value of the group membership attribute configured for the AD or LDAP server.
0 -
@Zyxel_Emily
i found this question and i require also LDAP authentication on USG Firewalls but i found no document that show
- configure user authentication on the USG to get access to dedicated destinations
- configure admin access to the USG (like the local admin account on the USG).
Is there any document existing, how to establish user and admin authentication trough openldap (actuall version).
thx and gredards
Chris0
Categories
- All Categories
- 347 Beta Program
- 2.1K Nebula
- 114 Nebula Ideas
- 77 Nebula Status and Incidents
- 5K Security
- 44 USG FLEX H Series
- 246 Security Ideas
- 1.2K Switch
- 65 Switch Ideas
- 901 WirelessLAN
- 33 WLAN Ideas
- 5.8K Consumer Product
- 204 Service & License
- 326 News and Release
- 71 Security Advisories
- 21 Education Center
- 5 [Campaign] Zyxel Network Detective
- 1.8K FAQ
- 831 Nebula FAQ
- 401 Security FAQ
- 219 Switch FAQ
- 190 WirelessLAN FAQ
- 45 Consumer Product FAQ
- 136 Service & License FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 71 About Community
- 61 Security Highlight