Setting a global LDAP suffix

For LDAP integration with an AAA policy, you might need to define a global LDAP suffix.

LDAP authentication requires an X.500 DN and password. An example DN might be cn=Alice,dc=datapower,dc=com. When you configure for LDAP authentication, you typically create a base DN (such as dc=datapower,dc=com) and then create one entry under this base for each user.

To make LDAP authentication more usable, the AAA policy provides the LDAP suffix. Set the LDAP suffix to the base name under which user entries are found. If the LDAP suffix is not an empty string, the AAA policy builds an X.509-compliant DN. The DN is built by adding the prefix cn= to the surname and appending a comma followed by the value of the LDAP suffix. Hence, with an LDAP suffix of dc=datapower,dc=com, the username Alice is mapped to the DN cn=Alice,dc=datapower,dc=com.
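The mapping described above, as an added Python sketch (not DataPower code, and not from the original page). The names `build_bind_dn` and `escape_rdn_value` are hypothetical; escaping the username per RFC 4514 and returning the name unchanged when the suffix is empty are assumptions, not documented behaviour of the AAA policy.

```python
# Added illustration: builds cn=<username>,<LDAP suffix> as the text describes.
# Function names are hypothetical; the escaping step is an assumption (RFC 4514).

def escape_rdn_value(value: str) -> str:
    """Escape an attribute value for use inside a DN string (RFC 4514, 2.4)."""
    if not value:
        raise ValueError("username must not be empty")
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch in '"+,;<>\\':
            out.append("\\" + ch)      # DN metacharacters, escaped anywhere
        elif ch == "\x00":
            out.append("\\00")         # NUL is written as a hex pair
        elif ch == "#" and i == 0:
            out.append("\\#")          # leading '#' would mean a hex-encoded value
        elif ch == " " and i in (0, last):
            out.append("\\ ")          # leading or trailing space
        else:
            out.append(ch)
    return "".join(out)


def build_bind_dn(username: str, ldap_suffix: str) -> str:
    """Map a username to a DN: 'cn=' + username + ',' + LDAP suffix."""
    if ldap_suffix == "":
        # Assumption: with an empty suffix no DN is built and the
        # supplied name is passed through as-is.
        return username
    return "cn=" + escape_rdn_value(username) + "," + ldap_suffix


if __name__ == "__main__":
    suffix = "dc=datapower,dc=com"     # suffix value taken from the text
    # Constructed sample usernames, including ones with DN metacharacters.
    for name in ("Alice", "Smith, Alice", " bob ", "#ops"):
        print(repr(name), "->", build_bind_dn(name, suffix))
```

Without the escaping step, a username that contains a comma would change the structure of the resulting DN instead of being treated as part of the cn value.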

The LDAP suffix field is available on the Main tab of the generic configuration.