Sentry Industries PT22 Universal Remote User Manual


 
Enabling and Setting up LDAP Support
There are a few configuration requirements for properly enabling and setting up LDAP support. Below
is an overview of the minimum requirements.
Directory Services server configuration requirements:
1. Define at least one LDAP group.
2. Assign users to that LDAP group.
Sentry configuration requirements:
1. Enable LDAP support.
2. Define the IP address and domain component of at least one Directory Services server.
3. Set the LDAP bind request method being utilized by the Directory Services server.
4. Define the IP address of at least one DNS server.
5. Test DNS server configuration using Sentry ‘ping’ support.
6. Define at least one LDAP group and assign access rights for that group.
NOTE: LDAP group names on the Directory Service server and the Sentry must match.
Enabling and disabling LDAP support
The Set LDAP command is used to enable or disable LDAP support.
To enable or disable LDAP support:
At the Sentry: prompt, type set ldap, followed by enabled or disabled and press Enter.
Setting the LDAP host IP address
The Set LDAP HostIP command sets the TCP/IP address of the Directory Services server.
To set the LDAP host IP address:
At the Sentry: prompt, type set ldap, followed by hostip1 or hostip2 and the Directory Services
server’s IP address. Press Enter.
Example
The following command sets the primary Directory Services server IP address to 98.76.54.32:
Sentry: set ldap hostip1 98.76.54.32<Enter>
Changing the LDAP server port
The Set LDAP port command sets the port on the previously defined LDAP server to which the Sentry
sends LDAP requests. The default port is 389.
To change the LDAP server port:
At the Sentry: prompt, type set ldap port, followed by the port number and press Enter.
Example
The following command sets the LDAP server port number to 8888:
Sentry: set ldap port 8888<Enter>
Setting the LDAP bind password type
The Set LDAP Bind command sets the password type used in the bind requests. The Sentry supports
two LDAP bind methods – Simple and MD5.
The Simple method sends the username and password unencrypted over the network to the
Active Directory server for authentication.
The MD5 digest method provides much stronger protection by using one-way hash values, so the
username and password are never placed on the network. For more information on MD5, see Setting the
HTTP authentication method: on page 14.
NOTE: Windows 2000 is known to support only Simple binding. Windows 2003 supports both Simple and MD5 binding.
To set the bind password type:
At the Sentry: prompt, type set ldap bind, followed by simple or md5 and press Enter.
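The difference between the two bind methods shows up in the first LDAP message sent to the Directory Services server. The Python code below is an added example, not taken from this manual or from the vendor: it builds an LDAPv3 BindRequest (RFC 4511) for each method and classifies a captured message so that cleartext Simple binds can be flagged. It assumes the md5 setting corresponds to a SASL DIGEST-MD5 bind; the function names, DN and password are constructed for illustration.

```python
# Added example (not vendor code). BER tags follow the LDAPv3 BindRequest in RFC 4511.
# The DN and password are constructed sample values.

def tlv(tag: int, value: bytes) -> bytes:
    """Encode one BER element (definite length, short or long form)."""
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(raw)]) + raw + value

def read_tlv(buf: bytes, pos: int = 0):
    """Decode the element at pos; return (tag, value, next_pos)."""
    tag, n, pos = buf[pos], buf[pos + 1], pos + 2
    if n & 0x80:                          # long form: low 7 bits count the length bytes
        k = n & 0x7F
        n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    if pos + n > len(buf):
        raise ValueError("truncated BER element")
    return tag, buf[pos:pos + n], pos + n

def bind_request(dn: str, password=None, sasl_mech=None, msg_id: int = 1) -> bytes:
    """Build a BindRequest: simple if a password is given, else the first SASL step."""
    if password is not None:
        auth = tlv(0x80, password.encode())              # [0] simple: raw password bytes
    else:
        auth = tlv(0xA3, tlv(0x04, sasl_mech.encode()))  # [3] sasl: mechanism name only
    body = tlv(0x02, b"\x03") + tlv(0x04, dn.encode()) + auth   # version 3, name, auth
    return tlv(0x30, tlv(0x02, bytes([msg_id])) + tlv(0x60, body))  # msg_id < 128

def classify_bind(packet: bytes) -> str:
    """Report the bind method carried in one captured LDAP message."""
    tag, msg, _ = read_tlv(packet)
    _, _, pos = read_tlv(msg)             # skip messageID
    op, body, _ = read_tlv(msg, pos)
    if tag != 0x30 or op != 0x60:         # not an LDAPMessage holding a BindRequest
        return "not-bind"
    _, _, pos = read_tlv(body)            # skip version
    _, _, pos = read_tlv(body, pos)       # skip name (bind DN)
    kind, value, _ = read_tlv(body, pos)
    if kind == 0x80:
        return "simple-cleartext" if value else "simple-anonymous"
    if kind == 0xA3:
        return "sasl:" + read_tlv(value)[1].decode()
    return "unknown"

DN = "cn=sentry-admin,dc=example,dc=com"
SIMPLE = bind_request(DN, password="Constructed-Pw-1")
DIGEST = bind_request(DN, sasl_mech="DIGEST-MD5")
```

Running classify_bind over LDAP payloads captured on the configured port gives a quick check that no device is still set to simple bind on an unencrypted link.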
Sentry PT22 Advanced Operations 55
Installation and Operations Manual