8e6 Technologies Enterprise Filter Authentication R3000 User Manual

Size:
6.79 Mb
Download

CHAPTER4: LDAP AUTHENTICATIONSETUPSET UP LDAP DOMAIN GROUPS, MEMBERS

Delete a rule

To delete a rule from a profile, the entity must currently display in the grid and have a rule assigned to the profile.

1.Click the Mark checkbox for the entity.

2.Click Delete Rule to remove the entity’s profile from the tree.

Specify a group’s filtering profile priority

1.Select the LDAP domain, and choose Set Group Priority from the pop-upmenu to display the Set Group Priority window:

Fig. 4-17Set Group Priority window

8E6 TECHNOLOGIES, R3000 ENTERPRISEFILTERAUTHENTICATIONUSERGUIDE

149

CHAPTER4: LDAP AUTHENTICATIONSETUPSET UP LDAP DOMAIN GROUPS, MEMBERS

This window is used for designating which group profile will be assigned to a user when he/she logs in. If a user is a member of multiple groups, the one that is positioned highest in the list is applied.

NOTES: Groups automatically populate the Profile Group(s) list box, if these groups have one or more identical users and were added to the tree list via the Select Groups/Members from Domain window.

An entry for the Group Priority list is added to the end of the list when the group profile for that group is added to the R3000, and is removed automatically when you delete the profile.

2.To change the order of groups in the list:

a.Select a group from the Profile Group(s) list box.

b.Use the up or down arrow button to move that group up or down in the list.

c.Click Apply to apply your settings.

Manually add a user’s name to the tree

1.Select the LDAP domain, and choose Manually Add Member from the pop-upmenu to open the Manually Add Member dialog box:

Fig. 4-18Manually Add Member box

This dialog box is used for adding a username to the tree list, so that a filtering profile can be defined for that user.

2. Enter the username in the text box.

150

8E6 TECHNOLOGIES, R3000 ENTERPRISEFILTERAUTHENTICATIONUSERGUIDE

CHAPTER4: LDAP AUTHENTICATIONSETUPSET UP LDAP DOMAIN GROUPS, MEMBERS

TIP: LDAP usernames should be input exactly as entered as entered for the LDAP Distinguished Name.

Examples:

CN=Jane Doe, CN=Users, DC=qc, DC=local

CN=Public\, Joe Q., OU=Users, OU=Sales, DC=qc, DC=local

CN=Doe\, John, CN=Users, DC=qc, DC=local

3.Click OK to add the username to the domain’s section of the tree.

NOTE: See Add or maintain an entity’s profile under Create and Maintain LDAP Profiles for information on defining the filtering profile for the user.

Manually add a group’s name to the tree

1.Select the LDAP domain, and choose Manually Add Group from the pop-upmenu to open the Manually Add Group dialog box:

Fig. 4-19Manually Add Group box

This dialog box is used for adding a group name to the tree list, so that a filtering profile can be defined for that group.

2.Enter the group’s name in the text box, using the entire Distinguished Name format.

3.Click OK to add the group name to the domain’s section of the tree.

8E6 TECHNOLOGIES, R3000 ENTERPRISEFILTERAUTHENTICATIONUSERGUIDE

151

CHAPTER4: LDAP AUTHENTICATIONSETUPSET UP LDAP DOMAIN GROUPS, MEMBERS

NOTE: See Add or maintain the entity’s profile under Createand Maintain LDAP Profiles for information on defining the filtering profile for the group.

Upload a file of filtering profiles to the tree

1.Select the LDAP domain, and choose Upload User/ Group Profile from the pop-upmenu to open the Upload User/Group Profile window:

Fig. 4-20Upload User/Group Profile window

This window is used for uploading a file to the tree with user or group names and their associated filtering profiles.

2.Click Upload to open the Upload Member Profile Filepop-upwindow:

152

8E6 TECHNOLOGIES, R3000 ENTERPRISEFILTERAUTHENTICATIONUSERGUIDE

CHAPTER4: LDAP AUTHENTICATIONSETUPSET UP LDAP DOMAIN GROUPS, MEMBERS

Fig. 4-21Upload Member Profile File window

3.Click Browse to open the Choose file window.

4.Select the file to be uploaded.

WARNING: Any file uploaded to the server will overwrite the existing user/group profile file.

Each user/group profile in the file uploaded to the server must be set up in a specified format in order for the profile to be activated on the server. This format differs depending on whether the profiles are user or group profiles. Based on the type of file format used, the file should have the following name:

ldapuserprofile.conf if the file contains LDAP user profiles

ldapgroupprofile.conf if the file contains LDAP group profiles

NOTE: See Appendix A: User/Group File Format and Rules for examples of valid filtering profile formats to use when creating a list of profiles to be uploaded to the server.

WARNING: When uploading a list of profiles to the tree, the user will be blocked from Internet access if the minimum filtering level has not been defined via the Minimum Filtering Level window. If you have just established the minimum filtering level, filter settings will not be effective until the user logs off and back on the server.

8E6 TECHNOLOGIES, R3000 ENTERPRISEFILTERAUTHENTICATIONUSERGUIDE

153

CHAPTER4: LDAP AUTHENTICATIONSETUPSET UP LDAP DOMAIN GROUPS, MEMBERS

5.Click Upload File to upload this file to the server. The Upload Successfulpop-upwindow informs you to click Reload in order for these changes to be effective.

6.Click Reload.

7.Go to the LDAP branch of the tree, and choose Refresh from the LDAP group menu.

154

8E6 TECHNOLOGIES, R3000 ENTERPRISEFILTERAUTHENTICATIONUSERGUIDE

CHAPTER4: LDAP AUTHENTICATIONSETUPCREATE, MAINTAIN LDAP PROFILES

Create, Maintain LDAP Profiles

Once an LDAP group or member has been added to the tree, a filtering profile can be created and maintained for that entity. For groups, the following options are available for filtering profile creation and maintenance: Group Member Details, Profile, and Remove. For members, the following options are available for filtering profile creation and maintenance: Profile, and Remove.

Add an LDAP group, member to the tree

Select the LDAP domain, and choose Group Member Details from the pop-upmenu to display the Group/Member Details window:

Fig. 4-22Group Member Details window

8E6 TECHNOLOGIES, R3000 ENTERPRISEFILTERAUTHENTICATIONUSERGUIDE

155

CHAPTER4: LDAP AUTHENTICATIONSETUPCREATE, MAINTAIN LDAP PROFILES

This window is used for viewing profile information about a group, and for adding members to a group.

In the Group Details frame, the following details display: Group name,Full Name (Distinguished Name) of the group,Domain name, andDomain Type. Members that belong to the group display in the Members list box in the Add Member to Profile frame.

To add a member to the tree list so that a profile can be created for that member:

1.Select the entity from the Members list box.

2.Click Add.

156

8E6 TECHNOLOGIES, R3000 ENTERPRISEFILTERAUTHENTICATIONUSERGUIDE

CHAPTER4: LDAP AUTHENTICATIONSETUPCREATE, MAINTAIN LDAP PROFILES

Add or maintain an entity’s profile

Select the LDAP domain, and choose Profile from the popup menu to display the default Category tab of the Profile window:

Fig. 4-23Group Profile window, Category tab

The Profile option is used for viewing/creating the filtering profile of the defined entity (group or member). Entries made in the Category, Redirect URL, and Filter Options tabs comprise the profile string for the entity.

8E6 TECHNOLOGIES, R3000 ENTERPRISEFILTERAUTHENTICATIONUSERGUIDE

157

CHAPTER4: LDAP AUTHENTICATIONSETUPCREATE, MAINTAIN LDAP PROFILES

Category Profile

Category Profile is used for creating the categories portion of the filtering profile for the entity.

NOTE: In order to use this tab, filtering rules should already have been set up via the Rules window, accessible from the Global Group options, and the minimum filtering level should already be established. The minimum filtering level is set up in the Minimum Filtering Level window, accessible from the Global Group options.

By default, “Rule0 Minimum Filtering Level” displays in the Available Filter Levels pull-downmenu, and the Minimum Filtering Level box displays “Child Pornography” and “Pornography/Adult Content”. By default,Uncategorized Sites are allowed to Pass.

NOTE: By default, theAvailable Filter Levels pull-downmenu also includes these three rule choices: Rule1 BYPASS”, “Rule2 BLOCK Porn”, “Rule3 Block IM and Porn”, and “Rule4 8e6 CIPA Compliance”.

To create the category portion of the entity’s filtering profile:

1.Select a filtering rule from the available choices, and/or select categories to block.

If you select a filtering rule from the Available Filter Levels pull-downmenu, this action automatically populates the Blocked Categories, Pass Categories, and/or Always Allowed list box(es) in the Rule Details frame with library categories set up as blocked, passed, or included in the white list for that rule.

If you select a library category from the Blocked Categories, Pass Categories, or Always Allowed list box, and use the right arrow (>) or left arrow (<) to move that category to another list box, the Available Filter Levels pull-downmenu changes to “Custom Profile”.

158

8E6 TECHNOLOGIES, R3000 ENTERPRISEFILTERAUTHENTICATIONUSERGUIDE