LDAP Authentication
You can configure authentication over the LDAP protocol against any LDAP server. You can also use this mechanism to configure Dr.Web Server running a Unix-like OS for authentication in Active Directory on a domain controller.

Unlike with Active Directory, this mechanism can be adapted to any LDAP schema. By default, an attempt is made to use the Dr.Web Enterprise Security Suite attributes as defined for Active Directory.

To enable LDAP authentication

1. Select Administration in the main menu of the Control Center, then select Authentication in the control menu → LDAP authentication.
2. Set the Use LDAP authentication flag.
3. Click Save.
4. Restart Dr.Web Server to apply changes.

You can also configure the LDAP authentication parameters in the auth-ldap.conf configuration file located in the etc folder of Dr.Web Server. The configuration file is described in the Appendices, in section B2. LDAP Authentication.

The LDAP authentication process is as follows:

1. The LDAP server address is specified via the Control Center or the XML configuration file.
2. For the specified username, the following actions are performed:
• The name is translated to the DN (Distinguished Name) using DOS-like masks (with the * character), if any such translation rules are specified.
• The name is translated to the DN using regular expressions, if any such translation rules are specified.
• A custom script for translating the name to the DN is used, if one is specified in the settings.
• If no translation rule matches, the specified name is used as is.
3. After translation, as in the Active Directory case, an attempt is made to authenticate the user on the specified LDAP server with the determined DN and the specified password.
4. After this, as in the Active Directory case, the LDAP object attributes are read for the determined DN. The attributes and their values can be redefined in the configuration file.
5. If any administrator attributes have undefined values and inheritance is enabled (in the configuration file), the attributes are searched for in the groups the user is a member of, as in the Active Directory case.
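The name-to-DN translation in step 2, sketched as an added example (this is not Dr.Web Server code and not the auth-ldap.conf syntax). The rule format with \1 references, the sample DNs, and trying masks before regular expressions are assumptions, and the custom script is omitted. Captured text is escaped per RFC 4514 before it is placed into the DN, so a login name cannot change the DN structure.

```python
import re

# RFC 4514 special characters; '=' is optional to escape but harmless.
_DN_SPECIAL = set(',+"\\<>;=')

def escape_dn_value(value):
    """Escape text for use as one attribute value inside a DN (RFC 4514)."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch == "\x00":
            out.append("\\00")
        elif ch in _DN_SPECIAL or (ch == "#" and i == 0) or (ch == " " and i in (0, last)):
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)

def mask_to_regex(mask):
    """Convert a DOS-like mask to a regex; every '*' becomes a capture group."""
    return "(.*)".join(re.escape(part) for part in mask.split("*"))

def translate(name, mask_rules, regex_rules):
    """Try mask rules, then regex rules; fall back to the name unchanged."""
    rules = [(mask_to_regex(m), t) for m, t in mask_rules] + list(regex_rules)
    for pattern, template in rules:
        match = re.fullmatch(pattern, name)
        if match:
            # Insert escaped captures so the input cannot add RDNs to the DN.
            return re.sub(r"\\(\d)",
                          lambda ref: escape_dn_value(match.group(int(ref.group(1)))),
                          template)
    return name

# Constructed sample rules (hypothetical format): (pattern, DN template with \1 references).
MASK_RULES = [("EXAMPLE\\*", r"CN=\1,OU=Admins,DC=example,DC=com")]
REGEX_RULES = [(r"([^@]+)@example\.com", r"uid=\1,ou=people,dc=example,dc=com")]

if __name__ == "__main__":
    # Constructed login names: mask match, regex match, DN metacharacters, no match.
    for login in ("EXAMPLE\\jsmith", "alice@example.com",
                  "EXAMPLE\\x,OU=Other", "cn=root,dc=example,dc=com"):
        print(login, "->", translate(login, MASK_RULES, REGEX_RULES))
```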