what happens if a Distinguished Name (ON) is NOT found in LADP?

In NGX, what happens if a Distinguished Name (ON) is NOT found in LADP?

In NGX, what happens if a Distinguished Name (ON) is NOT found in LADP?

A.
NGX takes the commonname value from the Certificate subject, and searches the LADP account unit for a matching user id

B.
NGX searches the internal database for the username

C.
The Security Gateway uses the subject of the Certificate as the ON for the initial lookup

D.
If the first request fails or if branches do not match, NGX tries to map the identity to the user id attribute

E.
When users authenticate with valid Certificates, the Security Gateway tries to map the identities with users registered in the extemal LADP user database

Explanation:

Retrieving Information from a SmartDirectory (LDAP) server

When a Gateway requires user information for authentication purposes, it searches for this information in three different places:

1 The first place that is queried is the internal users database.

2 If the specified user is not defined in this database, the Gateway queries the SmartDirectory (LDAP) servers defined in the Account Unit one at a time, and according to their priority. If for some reason the query against a specified SmartDirectory (LDAP) server fails, for instance the SmartDirectory (LDAP) connection is lost, the SmartDirectory (LDAP) server with the next highest priority is queried. If there is more than one Account Unit, the Account Units are queried concurrently. The results of the query are either taken from the first Account Unit to meet the conditions, or from all the Account Units which meet the conditions. The choice between taking the result of one Account Unit as opposed to many is a matter of Gateway configuration.

3 If the information still cannot be found, the Gateway uses the external users template to see if there is a match against the generic profile. This generic profile has the default attributes applied to the specified user.



Leave a Reply 1

Your email address will not be published. Required fields are marked *