Configuring Authentication settings - Adaptive Applications - BlueCat Gateway - 3.0.8

Device Registration Portal Administration Guide

Locale: English
Product name: BlueCat Gateway
Version: 3.0.8

Configure authentication settings to establish secure communication between the DRP server and the LDAP server.
Note: The user identified by the Bind DN must have adequate permissions on the directory for authentication to work correctly.

The minimum permissions required are as follows:

OpenLDAP
  • The bind user must be able to search usernames in the directory.
  • The bind user must be able to query the entries of administrator groups.
  • The bind user must have read permission for the memberUid attribute of groups, or for whichever other attribute is used to identify the users within a group.

Active Directory
  • The bind user must be able to search usernames in the directory.
  • The bind user must have read permission for the memberOf attribute of users.
  1. Under Connection Settings, set the following parameters:
    • Authentication Type—select the authentication method: OpenLDAP or Active Directory. The options you must configure depend on the type you choose.
      Authentication type Required options
      OpenLDAP
      • Authentication URL
      • Bind DN
      • Search Base DN
      • Search Groups Base DN
      • Search Filter
      • User Prefix
      Active Directory
      • Authentication URL
      • Bind DN
      • Search Base DN
      • Search Filter
      • User Prefix
    • Authentication URL—enter the URL of the LDAP server. Use ldap:// for an unencrypted connection (for example ldap://192.0.2.0) or ldaps:// for a TLS-protected connection (for example ldaps://192.0.2.0). With ldap://, the Bind DN password and every user password that DRP checks cross the network in cleartext, so use ldaps:// wherever the directory supports it.
    • Bind DN—specify the distinguished name of the account DRP binds as to search the directory (the principal user). You can use an existing account or create a new one; it needs only the search and read permissions listed above, so a dedicated service account is preferable to a directory administrator. For example: cn=Admin,cn=Users,dc=netreg,dc=bcn,dc=com.
    • Bind Password—enter the bind password.
    • Test Bind DN—click Test Bind DN to verify that DRP can bind with the Bind DN and password. Do this before proceeding to the next section of the configuration settings.
    • Search Base DN—enter the LDAP search base DN for your environment. For example: ou=people,dc=bcn,dc=com.
    • User Prefix—enter the name of the LDAP attribute that holds the login name and is used to look up users: uid for OpenLDAP, sAMAccountName for Active Directory.
    • Search Filter—set the LDAP search filter that selects user objects in your directory, typically by object class. For example: objectClass=inetOrgPerson for OpenLDAP, objectClass=Person for Active Directory.
    • Test Account Username—enter the username of a directory account to test with (for example, your Active Directory username).
    • Test Account Password—enter that account's password.
    • Test Account—click Test Account to verify that the Search Base DN, User Prefix and Search Filter locate the account and that its password authenticates. Do this before proceeding to the next section of the configuration settings.
  2. Under Groups, select the LDAP user group type (Admin Group, Junior Admin Group, or Report Group) and set the following parameters to map an LDAP group to each level of administrator authority and define the characteristics of each group:
    • LDAP Admin Group Name—enter the Common Name (CN, not the Distinguished Name) of the LDAP group that corresponds to this DRP administrative group. A group with that name must exist on the LDAP server.
    • Restrict Search—enter the search criterion that members of this group cannot use. The valid values are:
      • mac—prevents searching by MAC address.
      • uid—prevents searching by username.
      • blank—no restriction. Leaving Restrict Search empty is recommended.
    • Read Only Access—if selected, members of this user group cannot alter users' device records.
    • Allow Wildcard Search—if selected, members of this user group can perform substring searches, with or without the supported wildcards. If not selected, members can only search for the exact word(s) or character(s); wildcard characters are not interpreted. The supported wildcards are as follows:
      • ^ (caret)—matches the beginning of a string. For example: ^ex matches example but not text.
      • $ (dollar sign)—matches the end of a string. For example: ple$ matches example but not please.
      • * (asterisk) or % (percent sign)—matches zero or more characters within a string. For example: ex*t matches exit and excellent.
      • _ (underscore) or ? (question mark)—matches any single character within a string. For example: e_ample matches example.
      Note: The following characters are not supported in the search string:
      • , (comma)
      • ( ) (parentheses)
      • [ ] (square braces)
      • { } (curly braces)
      • \ (backslash)
      Note: Within the DRP Administration Portal, you can search by user ID, IP address, or MAC address.
      Note: You may also search for text in user-defined fields associated with MAC addresses, such as the Description field used by DRP, if the user-defined field does not have the Hide from Search attribute set in Address Manager.
    • Allow DHCP Reservation—select the checkbox to enable support for DHCP reserved registrations. If selected, both dynamic and reserved registrations can be added.
    • Can Delete Blocklisted Devices—if selected, members of this user group can delete a blocklisted device.
  3. Click Next.
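The following Python script is an added example, not BlueCat's code, that ties the settings from steps 1 and 2 together: it builds the user lookup filter from Search Filter, User Prefix and a username (escaping the username per RFC 4515 so a crafted Test Account Username cannot widen the filter), resolves group membership the way the permissions table above implies for each authentication type (memberUid on OpenLDAP groups, memberOf on Active Directory users), and compiles a search term under the Allow Wildcard Search rules. How DRP itself composes its filter, and the directory entries used as input, are assumptions; nothing here contacts a live server.

```python
import re

# Constructed sample directory data (not from a real server): one OpenLDAP
# user/group set and one Active Directory user/group set.
OPENLDAP_USER = {"dn": "uid=alice,ou=people,dc=bcn,dc=com", "uid": "alice"}
OPENLDAP_GROUPS = [
    {"dn": "cn=drp-admins,ou=groups,dc=bcn,dc=com", "cn": "drp-admins",
     "memberUid": ["alice", "bob"]},
    {"dn": "cn=drp-report,ou=groups,dc=bcn,dc=com", "cn": "drp-report",
     "memberUid": ["bob"]},
]
AD_USER = {"dn": "CN=alice,CN=Users,DC=netreg,DC=bcn,DC=com",
           "sAMAccountName": "alice",
           "memberOf": ["CN=drp-admins,CN=Users,DC=netreg,DC=bcn,DC=com"]}
AD_GROUPS = [
    {"dn": "CN=drp-admins,CN=Users,DC=netreg,DC=bcn,DC=com", "cn": "drp-admins"},
    {"dn": "CN=drp-report,CN=Users,DC=netreg,DC=bcn,DC=com", "cn": "drp-report"},
]


def escape_filter_value(value: str) -> str:
    """RFC 4515 escaping for a value placed inside an LDAP filter.
    Without it a username like 'a*)(uid=*' rewrites the filter."""
    return "".join("\\%02x" % ord(ch) if ch in "\\*()\x00" else ch
                   for ch in value)


def build_user_filter(search_filter: str, user_prefix: str, username: str) -> str:
    """Assumed composition: AND the configured Search Filter with a
    User Prefix=username clause. DRP's real composition is not documented here."""
    if not search_filter.startswith("("):
        search_filter = "(" + search_filter + ")"
    return "(&%s(%s=%s))" % (search_filter, user_prefix,
                             escape_filter_value(username))


def user_groups(auth_type: str, user: dict, groups: list) -> list:
    """CNs of groups the user belongs to, read via the attribute the
    permissions table requires for each authentication type."""
    if auth_type == "OpenLDAP":
        # Group-side membership: group.memberUid lists user uids.
        return sorted(g["cn"] for g in groups if user["uid"] in g.get("memberUid", []))
    if auth_type == "ActiveDirectory":
        # User-side membership: user.memberOf lists group DNs (case-insensitive).
        member_of = {dn.lower() for dn in user.get("memberOf", [])}
        return sorted(g["cn"] for g in groups if g["dn"].lower() in member_of)
    raise ValueError("unknown authentication type: " + auth_type)


UNSUPPORTED_SEARCH_CHARS = set(",()[]{}\\")


def is_valid_search_term(term: str) -> bool:
    """The characters the page lists as unsupported are rejected outright."""
    return not (UNSUPPORTED_SEARCH_CHARS & set(term))


def wildcard_to_regex(term: str, allow_wildcard: bool) -> "re.Pattern":
    """Compile a DRP-style search term. With Allow Wildcard Search off the
    term is matched literally and in full; with it on, ^ and $ anchor,
    * and % match any run, _ and ? match one character, and an unanchored
    term is a substring search."""
    if not is_valid_search_term(term):
        raise ValueError("unsupported characters in search string")
    if not allow_wildcard:
        return re.compile("^" + re.escape(term) + "$")
    parts = []
    for i, ch in enumerate(term):
        if ch == "^" and i == 0:
            parts.append("^")
        elif ch == "$" and i == len(term) - 1:
            parts.append("$")
        elif ch in "*%":
            parts.append(".*")
        elif ch in "_?":
            parts.append(".")
        else:
            parts.append(re.escape(ch))
    return re.compile("".join(parts))


def search_matches(term: str, value: str, allow_wildcard: bool) -> bool:
    return wildcard_to_regex(term, allow_wildcard).search(value) is not None


if __name__ == "__main__":
    print(build_user_filter("objectClass=inetOrgPerson", "uid", "a*)(uid=*"))
    print(user_groups("OpenLDAP", OPENLDAP_USER, OPENLDAP_GROUPS))
    print(user_groups("ActiveDirectory", AD_USER, AD_GROUPS))
    print(search_matches("ex*t", "excellent", True), search_matches("ex*t", "exit", False))
```

Run it as a script to see the escaped filter, the resolved group for each directory type, and the difference between a wildcard-enabled and a literal search. Note that in the OpenLDAP case the bind user needs read access on the group objects (memberUid), whereas in the Active Directory case it reads the user object (memberOf), which is why the permissions table differs between the two.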

Proceed to the next section to configure Secondary Authentication settings.