The version of NetIQ eDirectory used for LDAP back-end authentication on OneSpan Authentication Server Appliance must be 8.8. In addition, the following rules must be followed to set up NetIQ eDirectory for LDAP back-end authentication on OneSpan Authentication Server Appliance:
- If anonymous binding is disabled on the NetIQ eDirectory server, the security principal DN has to be a NetIQ eDirectory account that has the necessary permissions to search the directory for the user accounts to be authenticated.
- Each user ID has to be unique below the search base distinguished name in the LDAP structure.
- Partitioning is not supported, although exactly the same search base distinguished name may be used on different servers.
- NetIQ eDirectory must be enabled with universal password.
The user ID can be supplied in any of the following formats:

| User ID format | Source of user ID |
|---|---|
| UserID | User ID of the user |
| MYREALM\userid | Fully qualified domain name + user ID of the user |
| userid@mydomain.com | User ID attribute of the user + fully qualified domain name |

Figure: Back-end authentication with NetIQ eDirectory (Workflow)
For more information about setting up a back-end server record for NetIQ eDirectory, refer to the Administration Web Interface Help.
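As an added example (not OneSpan's or NetIQ's code), the following Python sketch shows how the rules above fit together: the user ID is extracted from each of the three formats in the table, escaped before it is placed in an LDAP filter, and looked up only below the search base, with the login rejected when it is unknown or matches more than one entry. The directory entries, the search base DNs and the use of the uid attribute are constructed assumptions; the filter evaluator stands in for the server-side match.

```python
import re

# Constructed sample directory: (DN, attributes). The uid attribute is an
# assumption; the real attribute mapping comes from the back-end server record.
SAMPLE_DIRECTORY = [
    ("cn=alice,ou=users,o=acme", {"uid": "alice"}),
    ("cn=bob,ou=users,o=acme", {"uid": "bob"}),
    ("cn=bob,ou=contractors,o=acme", {"uid": "bob"}),  # duplicate below o=acme
    ("cn=carol,ou=staff,o=other", {"uid": "carol"}),   # outside o=acme
]

def extract_user_id(login):
    """Strip the realm or domain from the three user ID formats in the table."""
    if "\\" in login:                      # MYREALM\userid
        return login.rpartition("\\")[2]
    if "@" in login:                       # userid@mydomain.com
        return login.partition("@")[0]
    return login                           # plain UserID

def ldap_escape(value):
    """RFC 4515 escaping so a login containing ( ) * or \\ cannot alter the filter."""
    return re.sub(r"[\\*()\x00]", lambda m: "\\%02x" % ord(m.group()), value)

def build_filter(user_id, attr="uid"):
    return "(%s=%s)" % (attr, ldap_escape(user_id))

def evaluate_filter(filter_str, attrs):
    """Toy stand-in for the server's match of one equality filter '(attr=value)'."""
    m = re.fullmatch(r"\(([A-Za-z0-9-]+)=((?:[^()*\\]|\\[0-9a-fA-F]{2})*)\)", filter_str)
    if m is None:
        return False                       # malformed filter never matches
    attr, raw = m.group(1), m.group(2)
    value = re.sub(r"\\([0-9a-fA-F]{2})", lambda h: chr(int(h.group(1), 16)), raw)
    return attrs.get(attr) == value

def dn_is_below(dn, base):
    """True when dn sits at or under the search base (case-insensitive, no spaces)."""
    dn, base = dn.lower(), base.lower()
    return dn == base or dn.endswith("," + base)

def find_user_dn(login, search_base, directory=SAMPLE_DIRECTORY):
    """Return the single matching DN below search_base, or None if unknown/ambiguous."""
    flt = build_filter(extract_user_id(login))
    matches = [dn for dn, attrs in directory
               if dn_is_below(dn, search_base) and evaluate_filter(flt, attrs)]
    return matches[0] if len(matches) == 1 else None
```

A None result for "bob" under o=acme is the uniqueness rule in action: the same user ID appears twice below that search base, so the base must be narrowed or the directory cleaned up.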