
NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual
3-8 Authenticating Users
v2.0, May 2007
Sample LDAP Users and Attributes Settings
If you manually add a user to an LDAP group, then the user setting will take precedence over
LDAP attributes.
For example:
An LDAP attribute objectClass=Person is defined for group Group1 and an LDAP attribute
memberOf=CN=WINSUsers,DC=netgear,DC=net is defined for Group2.
• If user Jane is defined by an LDAP server as a member of the Person object class, but is not a
member of the WINS Users group, Jane will be a member of the SSL VPN Concentrator
Group1.
• But if the administrator manually adds the user Jane to the SSL VPN Concentrator Group2,
then the LDAP attributes will be ignored and Jane will be a member of Group2.
Querying an LDAP Server
To query your LDAP or Active Directory server to find out the LDAP attributes of your users, you
can use several different methods. From a machine with LDAPsearch tools (for example a Linux
machine with OpenLDAP installed), run the following command:
ldapsearch -h 10.0.0.5 -x -D cn=demo,cn=users,dc=netgear,dc=net -w demo123 -b dc=netgear,dc=net > /tmp/file
where
• 10.0.0.5 is the IP address of the LDAP or Active Directory server
• cn=demo,cn=users,dc=netgear,dc=net is the distinguished name of an LDAP
user
• demo123 is the password for the user demo
• dc=netgear,dc=net is the base domain that you are querying
• > /tmp/file is optional and defines the file where the LDAP query results will be
saved.
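The following Python code is an added example, not part of the NETGEAR manual or the product: it parses LDIF of the kind the ldapsearch command saves to /tmp/file (here a constructed sample) and applies the precedence rule from "Sample LDAP Users and Attributes Settings". The function names, the sample entries and the case-insensitive value comparison are assumptions; when a user matches several groups it lists all of them, because the manual does not say how the concentrator chooses.

```python
import base64

# Constructed LDIF (not a real directory); Bob's memberOf is folded across two lines.
SAMPLE_LDIF = """\
# extended LDIF
dn: CN=Jane,CN=Users,DC=netgear,DC=net
objectClass: Person
sAMAccountName: jane

dn: CN=Bob,CN=Users,DC=netgear,DC=net
objectClass: Person
memberOf: CN=WINSUsers,DC=netg
 ear,DC=net
sAMAccountName:: Ym9i
"""

# Group attribute settings from the manual's example.
GROUP_RULES = {
    "Group1": ("objectClass", "Person"),
    "Group2": ("memberOf", "CN=WINSUsers,DC=netgear,DC=net"),
}

def parse_ldif(text):
    """Return one dict per entry: lowercased attribute name -> list of values."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]              # unfold a continued line
        else:
            lines.append(raw)
    entries, cur = [], {}
    for line in [l for l in lines if not l.startswith("#")] + [""]:
        if not line.strip():                  # blank line ends an entry
            if "dn" in cur:                   # skip blocks without a dn (result trailer)
                entries.append(cur)
            cur = {}
            continue
        name, _, value = line.partition(":")
        if value.startswith(":"):             # "attr:: <base64>"
            value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
        cur.setdefault(name.lower(), []).append(value.strip())
    return entries

def resolve_groups(entry, manual_group=None):
    """A manual assignment wins; otherwise list every group whose attribute matches."""
    if manual_group:
        return [manual_group]
    return [g for g, (attr, want) in GROUP_RULES.items()
            if want.lower() in (v.lower() for v in entry.get(attr.lower(), []))]
```

With the sample data, Jane resolves to Group1 from her LDAP attributes and to Group2 only when manual_group="Group2" is passed, which mirrors the Jane example in the manual.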
For further information on querying an LDAP server from a Windows server, please see:
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/TechRef/8196d68e-776a-4bbc-99a6-d8c19f36ded4.mspx