Chapter 7: Authentication and Authorization

If you selected LDAP as your remote authentication protocol, use the steps in the following section, Implementing LDAP Remote Authentication, to complete fields in the LDAP tab.

1. Before starting the configuration of the LDAP authentication section in the Dominion SX configuration, please gather all information for the required fields from the administrator of the directory server.
2. Log on as a user with Admin privileges. Click on the Configuration tab, and then select the LDAP tab.
3. Enter the IP Address of your primary and secondary remote authentication servers in the Primary Server IP Address and Secondary Server IP Address fields.
4. Enter the server secret/password needed to authenticate against your remote authentication servers in the Secret Phrases field. Re-type the server secret in the Confirm Secret Phrase field.
5. When finished, click Update and then click Save to save the changes made to the LDAP tab.

Implementing LDAP Remote Authentication

Important: Microsoft Active Directory functions natively as an LDAP authentication server.

If you choose LDAP authentication protocol, complete the LDAP fields as follows:

• Use Secure LDAP – Apply this rule to enable LDAP(S), which ensures that all authentication requests and replies transmitted over the network are encrypted. Generally, LDAP uses TCP port 389, and LDAP(S) uses TCP port 636.
• Secret – This is the root password to access the directory server/manager. The name for this field depends on the Directory Server. The SUN iPlanet directory server uses Secret. Microsoft Windows Active Directory refers to it as the password.
• Base DN – This is the 'root' point to bind to the server; this is the same as the Directory Manager DN (e.g., BaseDn: cn=Directory Manager).
• Base Search – This is the sub-tree of the Base DN to direct the search to the path of the user information, such as UID, and speed up search time. In other words, it is the domain name; this is where the search starts for the user name. The user name is created in this domain (e.g., BaseSearch:dc=raritan, dc=com).
• Authorization Query String – This can be any string, but the same string needs to be added as an attribute under the BaseSearch domain. For example, if the authorization query string is DominionSX, then an attribute named DominionSX needs to be added under the domain specified by the BaseSearch field. The values for this attribute are similar to those described for RADIUS in Appendix C of the Dominion SX user manual.

For example:

o:* gives access to all ports and the user type is Operator.
o:1:2:3 gives access to ports 1, 2, 3 and the user type is Operator.
ob:* is for Observer.
a:* is for Administrator.

Consult your authentication server administrator for the appropriate values to type into these fields in order to process LDAP authentication queries from Dominion SX.

If you have any questions at this point, please contact your LDAP server administrator or Raritan Customer Support.
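
The following Python parses the authorization attribute values listed above and reports values that are malformed or that grant every port, so directory entries can be reviewed before the device relies on them. It is an added example, not Raritan code; it accepts only the four forms shown on this page, and the names parse_grant, audit and SAMPLE are hypothetical.

```python
import re
from dataclasses import dataclass

# User types shown on this page (the manual's Appendix C is not reproduced here).
USER_TYPES = {"o": "Operator", "ob": "Observer", "a": "Administrator"}
# Only the two shapes the page shows: <type>:* or <type>:<port>[:<port>...]
VALUE_RE = re.compile(r"(?P<type>[a-z]+):(?P<ports>\*|\d+(?::\d+)*)")

@dataclass(frozen=True)
class Grant:
    user_type: str
    all_ports: bool
    ports: tuple

def parse_grant(value: str) -> Grant:
    """Parse one authorization attribute value; fail closed on anything else."""
    m = VALUE_RE.fullmatch(value.strip())
    if not m or m.group("type") not in USER_TYPES:
        raise ValueError(f"unrecognized authorization value: {value!r}")
    if m.group("ports") == "*":
        return Grant(USER_TYPES[m.group("type")], True, ())
    ports = tuple(sorted({int(p) for p in m.group("ports").split(":")}))
    return Grant(USER_TYPES[m.group("type")], False, ports)

def audit(entries: dict) -> list:
    """Return (uid, finding) pairs for malformed values and all-port grants."""
    findings = []
    for uid, value in sorted(entries.items()):
        try:
            grant = parse_grant(value)
        except ValueError as exc:
            findings.append((uid, f"rejected: {exc}"))
            continue
        if grant.all_ports:
            findings.append((uid, f"{grant.user_type} with access to all ports"))
    return findings

# Constructed sample: uid -> value of the DominionSX attribute under BaseSearch.
SAMPLE = {
    "alice": "a:*",
    "bob": "o:1:2:3",
    "carol": "ob:*",
    "dave": "o:1:2:",  # trailing colon, malformed
    "erin": "x:*",     # user type not listed on this page
}

if __name__ == "__main__":
    for uid, finding in audit(SAMPLE):
        print(f"{uid}: {finding}")
```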