Login
    Contenu x
    NetIQ eDirectory back-end authentication
    • 07 Jan 2025
    • 1 Minute à lire
    • Sombre
      Lumière
    • PDF
    Contenu

    NetIQ eDirectory back-end authentication

    • Mis à jour le 07 Jan 2025
    • 1 Minute à lire
    • Sombre
      Lumière
    • PDF
    The content is currently unavailable in French. You are viewing the default English version.
    Résumé de l’article

    To enable back-end authentication for NetIQ eDirectory

    1. Identify the NetIQ eDirectory server based on the NetIQ eDirectory back-end server records in OneSpan Authentication Server.
    2. Bind to NetIQ eDirectory using the security principal DN and password defined for the NetIQ eDirectory back-end server record if principal details specified.
    3. Search NetIQ eDirectory for the FQDN and attributes of the user that has to be authenticated (starting from the base search DN).
    4. Try to authenticate with NetIQ eDirectory using a bind with the FQDN and password of the user to be authenticated.

    The version of NetIQ eDirectory used for LDAP back-end authentication on OneSpan Authentication Server must be 8.8. In addition, the following rules must be followed to set up NetIQ eDirectory for LDAP back-end authentication on OneSpan Authentication Server:

    • If anonymous binding is disabled on the NetIQ eDirectory server, the security principal DN has to be a NetIQ eDirectory account that has the necessary permissions to search the directory for the user accounts to be authenticated.
    • Each user ID has to be unique below the search base distinguished name in the LDAP structure.
    • Partitioning is not supported, although exactly the same search base distinguished name may be used on different servers.
    • NetIQ eDirectory must be enabled with universal password.

    If authentication fails, the attributes retrieved during the search will be used to determine the cause of the failure.

    After enabling back-end authentication for NetIQ eDirectory, you will need to set up a back-end server record for it. This means to register it as a back-end server for OneSpan Authentication Server via the Administration Web Interface.

    Table: Supported user logon formats for NetIQ eDirectory
    User ID formatSource of user ID
    UserIDUser ID of the user
    MYREALM\useridFully qualified domain name + user ID of the user
    userid@mydomain.comUser ID attribute of the user + fully qualified domain name

    OneSpan Authentication Server only supports SASL Digest-MD5 binding as the client authentication mechanism for binding with the supported back-end authentication servers.

    For more information about setting up a back-end server record for NetIQ eDirectory, refer to the Administration Web Interface Help.

    Cet article vous a-t-il été utile ?
    What's Next
    Change password!
    Changing your password will log you out immediately. Use the new password to log back in.
    Change profile
    Success!
    First name must have atleast 2 characters. Numbers and special characters are not allowed.
    Last name must have atleast 1 characters. Numbers and special characters are not allowed.
    Enter a valid email
    Enter a valid password
    Your profile has been successfully updated.
    Logout
    ESC

    Ozzy, facilitant la découverte de connaissances grâce à l’intelligence conversationnelle