LDAP
The Sentry family of products supports Lightweight Directory Access Protocol (LDAP) Version 3. This
support enables authentication with LDAP servers; user accounts do not need to be individually created
locally on each Sentry device.
This allows administrators to pre-define and configure (in each Sentry product, and in the LDAP
server) a set of necessary LDAP Groups, and access rights for each. A user's access rights can then be
assigned or revoked simply by making the user a member of one or more pre-defined Sentry LDAP
Groups. User accounts can be added, deleted, or changed in the LDAP server without any changes
needed on individual Sentry products.
Sentry 5.3b LDAP support has been tested in the following environments:
• Microsoft Active Directory (MSAD)
• Novell eDirectory (eDir)
• OpenLDAP
LDAP Command Summary
Command                 Description
Set Authorder           Specifies the authentication order for each new session attempt
Set LDAP                Enables/disables LDAP support
Set LDAP HostIP         Sets the IP address of the Directory Services server
Set LDAP Port           Sets the LDAP server port number
Set LDAP Bind           Specifies the LDAP bind request password type
Set LDAP BindDN         Specifies the user account Fully-Qualified Distinguished Name (FQDN) for binds
Set LDAP BindPW         Specifies the user account password for binds
Set LDAP GroupAttr      Specifies the user class distinguished name (DN) or names of groups a user is a member of
Set LDAP GroupType      Specifies the data type for the Set LDAP GroupAttr command
Set LDAP UserBaseDN     Sets the base distinguished name (DN) for the username search at login
Set LDAP UserFilter     Sets the filter used for the username search at login
Show LDAP               Displays LDAP configurations
Set DNS                 Sets the IP address of the Domain Name server
Ping                    Verifies proper DNS configuration by name resolution
Show Network            Displays network configuration information
Create LDAPGroup        Adds an LDAP group name
Remove LDAPGroup        Deletes an LDAP group name
Add GrouptoLDAP         Grants an LDAP group access to one or more groups
Add OutlettoLDAP        Grants an LDAP group access to one or all outlets
Add PorttoLDAP          Grants an LDAP group access to one or serial ports
Delete GroupfromLDAP    Removes access to one or more groups for an LDAP group
Delete OutlettoLDAP     Removes access to one or more outlets for an LDAP group
Delete PortfromLDAP     Removes access to one or more serial ports for an LDAP group
Set LDAPGroup Access    Sets the access level for an LDAP group
Set LDAPGroup Envmon    Grants or removes privileges to view input and environmental monitoring status
List LDAPGroup          Displays all accessible outlet/groups/ports for an LDAP group
List LDAPGroups         Displays privilege levels for all LDAP groups
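An added sketch (not taken from the manual or from Sentry firmware) of the group-based authorization described above: the group attribute values returned for a user are reduced to group names and matched against the LDAP groups pre-defined on the device, and a user who matches none of them gets no access. The group names, access-level labels, outlet names, the `dn`/`name` type labels and the merge rule (highest level, union of outlets) are assumptions made for illustration.

```python
# Added illustration: models group-based authorization; not Sentry firmware code.
RANK = {"viewonly": 0, "user": 1, "admin": 2}  # constructed access-level labels
LOCAL_GROUPS = {  # constructed stand-ins for groups pre-defined on the device
    "poweradmin": {"access": "admin", "outlets": {"ALL"}},
    "rackops": {"access": "user", "outlets": {"A1", "A2"}},
    "auditors": {"access": "viewonly", "outlets": {"A1", "B1"}},
}
MEMBER_OF = [  # constructed group attribute values for one user
    "CN=RackOps,OU=Groups,DC=example,DC=com",
    "CN=Auditors,OU=Groups,DC=example,DC=com",
    "CN=Sales\\, East,OU=Groups,DC=example,DC=com",
]

def first_rdn_value(dn):
    """Return the value of the leftmost RDN, honouring backslash escapes (ASCII only)."""
    out, i = [], dn.index("=") + 1
    while i < len(dn) and dn[i] != ",":
        if dn[i] == "\\" and i + 1 < len(dn):
            pair = dn[i + 1:i + 3]
            if len(pair) == 2 and all(c in "0123456789abcdefABCDEF" for c in pair):
                out.append(chr(int(pair, 16)))  # hex escape such as \2C
                i += 3
                continue
            out.append(dn[i + 1])  # single-character escape such as \,
            i += 2
            continue
        out.append(dn[i])
        i += 1
    return "".join(out).strip()

def group_names(values, group_type):
    """Normalise attribute values to lowercase group names ('dn' or 'name' type)."""
    names = set()
    for v in values:
        if group_type == "dn":
            if "=" not in v:
                continue  # malformed DN: ignore it rather than guess a name
            v = first_rdn_value(v)
        names.add(v.strip().lower())
    return names

def effective_access(values, group_type, local=LOCAL_GROUPS):
    """Merge the rights of every matching local group; None means no access."""
    matched = sorted(group_names(values, group_type) & set(local))
    if not matched:
        return None
    level = max((local[g]["access"] for g in matched), key=RANK.get)
    outlets = set().union(*(local[g]["outlets"] for g in matched))
    return {"groups": matched, "access": level, "outlets": outlets}
```

Matching on the parsed RDN value rather than on a substring of the DN keeps a group such as `Sales\, East` from being mistaken for a differently named group.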
54 • Advanced Operations Sentry PT22
Installation and Operations Manual