Chapter 9: Authentication
Perform the following procedure to configure the LDAP authentication method to be used whenever the Console Server or any
of its serial ports or hosts is accessed:
• Select Serial and Network: Authentication and check LDAP or LocalLDAP or LDAPLocal or LDAPDownLocal
• Enter the Server Address (IP or host name) of the remote Authentication server. Multiple remote servers may be specified in a comma-separated list. Each server is tried in succession.
• Enter the Server Password
• Check the Server Protocol box if SSL is to be used and/or enforced for communications with the LDAP server. Console servers running firmware v3.11 and above offer three options for LDAPS (LDAP over SSL):
  o LDAP over SSL preferred will attempt to use SSL for authentication, but will fall back to LDAP without SSL if the authentication attempt fails. For example, LDAP over SSL may fail due to certificate errors or the LDAP server may not be contactable on the LDAPS port.
  o LDAP over SSL only will configure the console server to only accept LDAP over SSL. If LDAP over SSL fails, you will only be able to log in to the console server as root.
  o LDAP (no SSL) only will configure the console server to only accept LDAP without SSL. If LDAP without SSL fails, you will only be able to log in to the console server as root.
• The Ignore SSL Certificate Error check box allows you to ignore SSL certificate errors so that LDAP over SSL works regardless of certificate errors. Any certificate, self-signed or otherwise, can be used on the LDAP server without having to install any certificates on the console server. If this setting is not checked, you must install the CA (certificate authority) certificate that the LDAP server’s certificate was signed with onto the console server. For example, the LDAP server will contain a certificate signed using the certificate ‘myCA.crt’.
Note: The certificate needs to be in CRT format and myCA.crt needs to be installed onto the console server at ‘/etc/config/ldaps_ca.crt’. The file name must also be ‘ldaps_ca.crt’. You will need to copy the file and file name manually to this location using ‘scp’ or:
    scp /local/path/to/myCA.crt root@console_server:/etc/config/ldaps_ca.crt
• Click Apply. LDAP remote authentication will now be used for all user access to Console Server and serially or network attached devices.
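Added example, not part of the vendor manual: a pre-flight script for the certificate step above, run from the administrator's workstation, which copies myCA.crt to /etc/config/ldaps_ca.crt only if the LDAP server's certificate verifies against it, so that LDAP over SSL can be used with Ignore SSL Certificate Error left unchecked. It assumes a PEM-encoded CA file, LDAPS on TCP port 636 and the openssl client; the function names, the script name and ldap.example.com are illustrative.

```bash
#!/usr/bin/env bash
# Added example (not vendor code): pre-flight for installing ldaps_ca.crt.
# Assumptions: the CA file is PEM-encoded, the LDAP server answers LDAPS on
# TCP 636, and openssl and scp are available on the admin workstation.

LDAPS_PORT=636                      # assumed LDAPS port
CA_DEST=/etc/config/ldaps_ca.crt    # path and file name required by the manual

# Succeeds only if the file is readable and carries a PEM certificate block.
is_pem_cert() {
    [ -r "$1" ] &&
        grep -q -- '-----BEGIN CERTIFICATE-----' "$1" &&
        grep -q -- '-----END CERTIFICATE-----' "$1"
}

# Succeeds only if the CA certificate has not expired.
ca_not_expired() {
    openssl x509 -in "$1" -noout -checkend 0 >/dev/null 2>&1
}

# Succeeds only if the LDAP server's certificate chain verifies against the CA file.
ldaps_chain_ok() {                  # usage: ldaps_chain_ok <ldap_host> <ca_file>
    openssl s_client -connect "$1:$LDAPS_PORT" -CAfile "$2" \
        -verify_return_error </dev/null >/dev/null 2>&1
}

# Runs every check, then copies the CA to the console server.
preflight_and_install() {           # usage: <ca_file> <ldap_host> <console_server>
    is_pem_cert "$1" || { echo "not a PEM certificate: $1" >&2; return 1; }
    ca_not_expired "$1" || { echo "CA certificate expired: $1" >&2; return 1; }
    ldaps_chain_ok "$2" "$1" ||
        { echo "certificate of $2 does not verify against $1" >&2; return 1; }
    scp "$1" "root@$3:$CA_DEST"
}

# Run only when called with all three arguments, e.g.
#   ./ldaps_preflight.sh /local/path/to/myCA.crt ldap.example.com console_server
if [ "$#" -eq 3 ]; then
    preflight_and_install "$@"
fi
```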
LDAP
The Lightweight Directory Access Protocol (LDAP) is based on the X.500 standard, but is significantly simpler and
more readily adapted to meet custom needs. The core LDAP specifications are all defined in RFCs. LDAP is a protocol
used to access information stored in an LDAP server. Further information on configuring remote RADIUS servers can
be found at the following sites:
http://www.ldapman.org/articles/intro_to_ldap.html
http://www.ldapman.org/servers.html
http://www.linuxplanet.com/linuxplanet/tutorials/5050/1/
http://www.linuxplanet.com/linuxplanet/tutorials/5074/4/