Application Delivery Management

Add LDAP authentication server

When you integrate the LDAP protocol with RADIUS and TACACS authentication servers, you can use NetScaler Console to search and authenticate user credentials from distributed directories.

  1. Navigate to Settings > Authentication.

  2. Select the LDAP tab and then click Add.

  3. On the Create LDAP Server page, specify the following parameters:

    1. Name – Specify the LDAP server name

    2. Server Name/IP address – Specify the LDAP IP address or server name

    3. Security Type – Type of communication required between the system and the LDAP server. Select it from the list. If plain-text communication is inadequate, choose encrypted communication by selecting either Transport Layer Security (TLS) or SSL

    4. Port – By default, port 389 is used for PLAINTEXT. You can also specify port 636 for SSL/TLS

    5. Server Type – Select Active Directory (AD) or Novell Directory Service (NDS) as the type of LDAP server

    6. Time-out (seconds) – Time in seconds for which the NetScaler Console system waits for a response from the LDAP server

    7. LDAP Host Name – Select the Validate LDAP Certificate check box and specify the host name that must appear on the certificate

      Clear the Authentication option and specify the SSH Public Key. With key-based authentication, you can then fetch the list of public keys that are stored on the user object in the LDAP server through SSH.


      Under Connection Settings, specify the following parameters:

      1. Base DN – The base node for LDAP server to start the search

      2. Administrator Bind DN – User name used to bind to the LDAP server. For example, admin@aaa.local.

      3. Bind DN password – Select this option to provide a password for authentication

      4. Enable Change Password – Select this option to enable password change


      Under Other Settings, specify the following parameters

      1. Server Logon Name Attribute – Name attribute used by the system to query the external LDAP server or an Active Directory. Select samAccountname from the list.

      2. Search Filter – Configure external users for two-factor authentication according to the search filter configured in the LDAP server. For example, the search filter vpnallowed=true, the logon name attribute samaccount, and the user-supplied user name bob would yield the LDAP search string &(vpnallowed=true)(samaccount=bob).

        Note

        By default, the values in the search filter are enclosed in brackets.

      3. Group Attribute – Select memberOf from the list.

      4. Sub Attribute Name – The Sub attribute name for group extraction from the LDAP server.

      5. Default Authentication Group – Default group to choose when the authentication succeeds in addition to extracted groups.

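To make the search-filter composition described under Search Filter concrete, the following is an added Python example, not NetScaler Console code, that combines the configured Search Filter with the Server Logon Name Attribute and the user-supplied name. The function names are assumptions; the code wraps the configured clause in brackets as the note describes, adds the outer pair that makes a complete RFC 4515 filter, and escapes the user-supplied value so that it cannot change the structure of the filter.

```python
# Characters that RFC 4515 requires to be escaped inside an assertion value.
_ESCAPES = {'\\': r'\5c', '*': r'\2a', '(': r'\28', ')': r'\29', '\x00': r'\00'}


def escape_filter_value(value: str) -> str:
    """Escape a user-supplied assertion value (for example the logon name)."""
    return ''.join(_ESCAPES.get(ch, ch) for ch in value)


def wrap_clause(clause: str) -> str:
    """Enclose a configured filter clause in brackets unless it already is."""
    clause = clause.strip()
    if clause.startswith('(') and clause.endswith(')'):
        return clause
    return f'({clause})'


def build_search_filter(search_filter: str, login_name_attr: str, username: str) -> str:
    """Combine the configured Search Filter with the logon-name lookup for one user.

    An empty Search Filter yields only the logon-name clause; otherwise both
    clauses are AND-ed, which is the form the documentation's example shows.
    """
    user_clause = f'({login_name_attr}={escape_filter_value(username)})'
    if not search_filter.strip():
        return user_clause
    return f'(&{wrap_clause(search_filter)}{user_clause})'


if __name__ == '__main__':
    # Constructed sample values matching the documentation's example.
    print(build_search_filter('vpnallowed=true', 'samaccount', 'bob'))
    # A user name containing filter metacharacters is neutralised by escaping.
    print(build_search_filter('vpnallowed=true', 'samaccount', 'bob)(|(cn=*'))
```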

  4. Click Create.

    The LDAP server is now configured.

    Note:

    If the users are Active Directory group members, the group names and user names on NetScaler Console must match the group and user names in Active Directory.

  5. Enable the external authentication servers.

    For more information about enabling external authentication servers, see Enable external authentication servers and fallback options.
