
Troubleshooting Guide for SSL312 LDAP configuration
This guide will provide some tips on what you should check for before configuring the SSL312 to
authenticate through the LDAP Server.
NOTE: SSL312 does not currently support search for users within subtrees of a configured
BaseDN
Quick LDAP background:
LDAP = Lightweight Directory Access Protocol
Controls in a very fine-grained manner -- “who can do what to the data”
Extension of Active Directory which queries for additional information such as groups,
organizations,
DN = Distinguished Name
• Think of the DN as a full filename, e.g.: dn: cn=John,dc=example,dc=com
CN = Common Name
• Username, group name or container that stores all the user/group names, e.g.:
Marketing, Users, etc.
DC = Domain Component
• Domain name, e.g.: NETGEAR.COM or NETGEAR.LOCAL
OU = Organization Unit
• Organization unit, e.g.: OU=marketing
Before you begin setting up the SSL312 for LDAP configuration, you should check to verify that
your LDAP server and its users are working properly. Below are some of the built-in commands
on Windows 2003 Server that you can use to verify the status of your LDAP server.
In the examples below, we have configured an LDAP server with the following settings:
• Windows 2003 Server
• Domain = NETGEAR.LOCAL
• Organization Unit = Marketing
1) List ALL the users under the “Users” group or container under the domain “Netgear.local”
At the MS-DOS prompt, type “dsquery user cn=users,dc=netgear,dc=local” (without quotes)
• Dsquery is the Windows built-in command to begin the LDAP query
• User indicates the name of the container where you want to do the query

2) To list ALL the users whose username begins with “user” – this is helpful to verify what
group or container a user belongs to and whether or not the user has been added to the LDAP
properly.
At the MS-DOS prompt, type “dsquery user -name user*” (without quotes)
• -name tells the server to match the query against the name specified, in this case
to search for users whose name begins with “user”
• * (asterisk) signifies wildcard
3) To list ALL users in the “Marketing” Organizational Unit (OU) – this is helpful to verify if a
particular user belongs to a specified OU.
At the MS-DOS prompt, type “dsquery user ou=marketing,dc=netgear,dc=local” (without
quotes)
4) To list all the Organization Units (OUs) whose names start with “mark” – this is helpful to
verify all the OUs in the local domain.
At the MS-DOS prompt, type “dsquery ou -name mark*” (without quotes)

5) To list all groups or containers whose names start with “SSL”
At the MS-DOS prompt, type “dsquery group -name SSL*” (without quotes)
Copy the string returned by this command to the LDAP BaseDN field on the SSL312
How to configure the SSL312 to authenticate through the LDAP server
1) Using the commands and examples above, you should be able to verify and confirm that
your LDAP server and users have been configured and added properly
2) Use one of the DSQUERY commands above to find out the LDAP BaseDN string that you
will need to configure the SSL312. In the example below, we will list all the users belonging
to the “Marketing” Organization Unit in the NETGEAR.LOCAL domain.
At the MS-DOS prompt, type “dsquery user ou=marketing,dc=Netgear,dc=local”
(without quotes)
3) Copy the string listed to the LDAP BaseDN field on the SSL312
4) Click Apply and reboot your SSL312 for changes to take effect. All users who log in to this
domain in the future will be authenticated by the LDAP server.
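
Because the SSL312 does not search subtrees of the configured BaseDN, while dsquery searches the whole subtree by default, it helps to check which of the listed users sit directly under the BaseDN before copying it. The script below is an added example, not part of the original guide or NETGEAR's tooling; it works on saved dsquery output, and the sample DNs and function names are constructed for illustration.

```python
# Constructed sample of "dsquery user ou=marketing,dc=netgear,dc=local" output
# (one quoted DN per line); the user names are invented for illustration.
SAMPLE_OUTPUT = r'''
"CN=user1,OU=Marketing,DC=netgear,DC=local"
"CN=Smith\, John,OU=Marketing,DC=netgear,DC=local"
"CN=user2,OU=Interns,OU=Marketing,DC=netgear,DC=local"
'''

def split_dn(dn):
    """Split a DN into RDNs on commas that are not backslash-escaped."""
    parts, cur, escaped = [], [], False
    for ch in dn:
        if escaped:
            cur.append(ch)
            escaped = False
        elif ch == "\\":
            cur.append(ch)
            escaped = True
        elif ch == ",":
            parts.append("".join(cur).strip())
            cur = []
        else:
            cur.append(ch)
    parts.append("".join(cur).strip())
    return [p for p in parts if p]

def normalize(dn):
    """Compare DNs case-insensitively, RDN by RDN."""
    return tuple(p.lower() for p in split_dn(dn))

def check_users(dsquery_output, base_dn):
    """Sort each listed user by where it sits relative to the configured BaseDN."""
    base = normalize(base_dn)
    result = {"direct": [], "nested": [], "outside": []}
    for line in dsquery_output.splitlines():
        dn = line.strip().strip('"')
        if not dn:
            continue
        parent = normalize(dn)[1:]          # drop the user's own CN
        if parent == base:
            result["direct"].append(dn)     # directly under the BaseDN
        elif base and parent[-len(base):] == base:
            result["nested"].append(dn)     # in a subtree: not searched by the SSL312
        else:
            result["outside"].append(dn)    # not under the BaseDN at all
    return result

if __name__ == "__main__":
    for kind, dns in check_users(SAMPLE_OUTPUT, "ou=marketing,dc=Netgear,dc=local").items():
        print(kind, dns)
```

Users reported as "nested" need either their own container configured as the BaseDN or to be moved directly under the configured one.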