LDAP Authentication |
To enable LDAP authentication 1.Select in the main menu of the Control Center. 2.Select in the control menu. 3.In the opened window, select section. 4.Set the authentication flag. 5.Click . 6.Restart Dr.Web Server to apply changes. You can configure authentication using LDAP protocol at any LDAP server. Also you can use this mechanism to configure Dr.Web Server under UNIX system-based OS for authentication in Active Directory on a domain controller.
Unlike to Active Directory, this mechanism can be configures to any LDAP scheme. By default the Dr.Web Server attributes are used as they were defined for Active Directory. LDAP authentication process can be presented as the following: 1.LDAP server address is specified via the Control Center or xml configuration file. 2.For the specified user name, the following actions are performed: •Translation of name to the DN (Distinguished Name) using DOS-like masks (with * symbol), if rules are specified. •Translation of name to the DN using regular expressions, if rules are specified. •Custom script for translation of name to the DN is used, if it is specified in settings. •If matches in translation rules are not found, specified name is used as it is.
3.After translation, like for the Active Directory, attempt of the user registration at the specified LDAP server using determined DN and specified password is performed. 4.After this, like for the Active Directory, LDAP object attributes are read for the determined DN. Attributes and their possible values can be redefined in the configuration file. 5.If undefined values of administrator attributes are found, and inheriting is specified (in the configuration file), the search of needed attributes in the user groups is the same as in the Active Directory. |