Setting a global LDAP suffix
For LDAP integration with an AAA policy, you might need to define a global LDAP suffix.
LDAP authentication requires an X.500 DN and password. An example DN might be cn=Alice,dc=datapower,dc=com. When you configure for LDAP authentication, you typically create a base DN (such as dc=datapower,dc=com) and then create one entry under this base for each user.
To make LDAP authentication more usable, the AAA policy provides the LDAP suffix. Set the LDAP suffix to the base name under which user entries are found. If the LDAP suffix is not an empty string, the AAA policy builds an X.509-compliant DN. The DN is built by adding the prefix cn= to the surname and appending a comma followed by the value of the LDAP suffix. Hence, with an LDAP suffix of dc=datapower,dc=com, the username Alice is mapped to the DN cn=Alice,dc=datapower,dc=com.
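The mapping described above, written out as an added example (not DataPower code) for anyone who needs to reproduce or test the resulting bind DN in their own tooling. The function names are hypothetical, the RFC 4514 escaping of the username is an addition the page does not describe, and returning the username unchanged for an empty suffix is an assumption.

```python
# Added illustration of the username-to-DN mapping; names are hypothetical,
# not DataPower APIs.

# Characters that must be backslash-escaped anywhere in an RDN value (RFC 4514, 2.4).
SPECIAL = set('"+,;<>\\')


def escape_rdn_value(value: str) -> str:
    """Escape a string so it is a single RDN attribute value (RFC 4514)."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch == "\x00":
            out.append("\\00")            # NUL is written as a hex pair
        elif ch in SPECIAL:
            out.append("\\" + ch)
        elif ch == " " and i in (0, last):
            out.append("\\ ")             # leading or trailing space
        elif ch == "#" and i == 0:
            out.append("\\#")             # leading '#' would mean a hex-encoded value
        else:
            out.append(ch)
    return "".join(out)


def build_bind_dn(username: str, ldap_suffix: str) -> str:
    """Return cn=<username>,<suffix>, as in the Alice example on this page."""
    if not username:
        raise ValueError("username must not be empty")
    if ldap_suffix == "":
        # Assumption: with no suffix set, no DN is built and the
        # supplied identity is used as-is.
        return username
    return "cn=" + escape_rdn_value(username) + "," + ldap_suffix


if __name__ == "__main__":
    suffix = "dc=datapower,dc=com"        # base DN from the page's example
    # Constructed sample usernames; the second contains a DN separator.
    for name in ("Alice", "Smith, Alice"):
        print(build_bind_dn(name, suffix))
```

With the escaping in place, a username that contains a comma or plus sign stays inside the cn value instead of being read as additional DN components.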
The LDAP suffix field is available on the Main tab of the generic configuration.