Configuring Secondary Authentication settings - Adaptive Applications - BlueCat Gateway - 3.0.0

Device Registration Portal

English (United States)
Product name
BlueCat Gateway

You can configure secondary authentication settings in case primary authentication fails. This is optional.

When the primary authentication server fails to authenticate a user, DRP uses the secondary authentication settings to authenticate the user.
Note: The secondary authentication setting is optional. Therefore, there is no validation implemented. If you wish, you can skip this section and proceed to the next section of configuration settings.

The minimum permissions required are as follows:

OpenLDAP ActiveDirectory
  • The BIND user should be able to search usernames in the directory.
  • The BIND user should be able to query the entries of administrator groups.
  • The BIND user should have the read permission for the memberUid attribute of groups or other attribute that is used to identify the users within a group.
  • The BIND user should be able to search usernames in the directory.
  • The BIND user should have the read permission for the memberOf attribute of users.
  1. Under Connection Settings, set the following parameters:
    • Enable Secondary Authentication—select the checkbox to enable secondary authentication and configure your secondary LDAP authentication server.
    • Authentication Type—select the type of method to use for authentication. The available types are OpenLDAP and ActiveDirectory. You need to configure the different options depending on the type you choose.
      Authentication type Required options
      • Authentication URL
      • Bind DN
      • Search Base DN
      • Search Groups Base DN
      • Search Filter
      • User Prefix
      Active Directory
      • Authentication URL
      • Bind DN
      • Search Base DN
      • Search Filter
      • User Prefix
    • Authentication URL—enter the URL of the LDAP server. Use ldap for an unsecured connection: ldap:// Use ldaps for a secured connection: ldaps://
    • Bind DN—specify the value for the bind DN that will be used to validate the principal user. This is the user that has permission to search LDAP. You can use an existing user ID or create a new user. For example: cn=Admin, dc=netreg, dc=bcn, dc=com.
    • Bind Password—enter the bind password.
    • Test Bind DN—click this button to test Bind DN after entering the above parameters.
    • Search Base DN—enter the LDAP search base DN using the attribute for your environment. For example: ou=people,dc=bcn,dc=com.
    • User Prefix—enter the name of the LDAP attribute that will be used to find users. Enter uid for OpenLDAP and sAMAccountName for Active Directory.
    • Search Filter—set the LDAP search filter to specify the object class of user objects in your directory. For example: objectClass=inetOrgPerson for OpenLDAP, objectClass=Person for Active Directory.
    • Test Account Username—enter your Active Directory username.
    • Test Account Password—enter your Active Directory password.
    • Test Account—click this button to test your Active Directory account.
  2. Under Groups, select the type of LDAP user group (Admin Group, Junior Admin Group, or Report Group), and set the following parameters to define LDAP group name for each of the levels of administrator authority and the characteristics for each group:
    • LDAP Admin Group Name—enter the Common Name (not Distinguished Name) of an LDAP group that corresponds to each DRP administrative group. The same group name must exist on the LDAP server.
    • Restrict Search—enter the search criteria that the group cannot use. The valid search criteria are:
      • mac—prevents from searching for MAC addresses.
      • uid—prevents from searching for usernames.
      • blank—do not restrict. The Restrict Search field is recommended to be left empty.
    • Read Only Access—if selected, the member of this user group will not be able to alter the user’s device.
    • Allow Wildcard Search—if selected, the member of this user group will be able to perform a substring search with or without using the supported wildcards. If this option is not selected, the member of this user group will only be able to perform a search with the exact word(s) or character(s) without using any wildcard. The supported wildcards are as follows:
      • ^ (carat)—matches the beginning of a string. For example: ^ex matches example but not text.
      • $ (dollar sign)—matches the end of a string. For example: ple$ matches example but not please.
      • * (asterisk) or % (percent sign)—matches zero or more characters within a string. For example: ex*t matches exit and excellent.
      • _ (underscore) or ? (question mark)—matches any single character within a string. For example: e_ample matches example.
      Note: The following characters are not supported in the search string:
      • , (comma)
      • ( ) (parentheses)
      • [ ] (square braces)
      • { } (curly braces)
      • \ (backslash)
      Note: Within the DRP Administration Portal you can search by user ID, IP address or MAC address.
      Note: You may also search for text in user-defined fields associated with MAC addresses, such as the Description field used by DRP, if the user-defined field does not have the Hide from Search attribute set in Address Manager.
    • Allow DHCP Reservation—select the checkbox to enable support for DHCP reserved registrations. If selected, both dynamic and reserved registrations can be added.
    • Can Delete Blacklisted Devices—if selected, the members of this user group will be able to delete a blacklisted device.
  3. Click Next.

Proceed to the next section to configure DNS/DHCP Server settings.