Help Center> Cloud Bastion Host> User Guide> User> Remote Authentication Management> Configuring Remote LDAP Authentication
Updated on 2023-08-17 GMT+08:00

Configuring Remote LDAP Authentication

CBH interconnects with the LDAP server to authenticate CBH system user logins.

This topic describes how to configure the LDAP authentication mode.

Constraints

  • One-click synchronization of LDAP server users is not supported.
  • Identical configurations of two LDAP authentication servers are not allowed. Each LDAP server has unique combination of IP address, port number, and user OU.

Prerequisites

  • You have the management permissions for the System module.
  • You have obtained the information about the LDAP server.

Procedure

  1. Log in to the CBH system.
  2. Choose System > Sysconfig > Authenticate.

    Figure 1 Configuring remote authentication

  3. Click Add in the LDAP Settings area.

    LDAP supports the two authentication modes:

    • If you select Auth for Auth Mode, configure the parameters by referring to Table 1.
      Figure 2 Configuring LDAP authentication
      Table 1 LDAP authentication parameters

      Parameter

      Description

      Server

      Specifies the IP address of the LDAP server.

      Status

      Specifies whether to enable remote LDAP authentication. Remote LDAP authentication is enabled by default ().

      • : LDAP authentication is enabled. Remote LDAP authentication is enabled when the user logs in to the CBH system.
      • : LDAP authentication is disabled.

      SSL

      Specifies whether to enable SSL encryption. SSL encryption is disabled by default ().

      • : SSL encryption is disabled.
      • : SSL encryption is enabled. After SSL encryption is enabled, data transmitted by synchronized users or authenticated users is encrypted.

      Port

      Specifies the access port of the remote LDAP server. The default port number is 389.

      User OU

      Specifies the user organization unit (OU) on the LDAP server.

      User Filter

      Specifies the users to be filtered out on the LDAP server.

    • Select Auth for Auth Mode and configure the parameters by referring to Table 2.

      Querying authentication method is included in version V3.3.36.0 and later only. To use this function, upgrade your CBH system to V3.3.36.0 or later by referring to Upgrading the CBH System Version.

      Figure 3 Inquire

      Table 2 LDAP inquiring mode parameters

      Parameter

      Description

      Server

      Specifies the IP address of the LDAP server.

      Status

      Specifies whether to enable remote LDAP authentication. Remote LDAP authentication is enabled by default ().

      • : LDAP authentication is enabled. Remote LDAP authentication is enabled when the user logs in to the CBH system.
      • : LDAP authentication is disabled.

      SSL

      Specifies whether to enable SSL encryption. SSL encryption is disabled by default ().

      • : SSL encryption is disabled.
      • : SSL encryption is enabled. After SSL encryption is enabled, data transmitted by synchronized users or authenticated users is encrypted.

      Port

      Specifies the access port of the remote LDAP server. The default port number is 389.

      Base DN

      Base DN of the LDAP server.

      Administrator DN

      Administrator DN.

      Administrator Password

      Password of the administrator.

      User OU

      Specifies the user organization unit (OU) on the LDAP server.

      User Filter

      Specifies the users to be filtered out on the LDAP server.

  4. Click OK. You can then view LDAP authentication configurations in the LDAP server list.

    Figure 4 LDAP authentication

Follow-up Operations

  • To view details of the configured LDAP authentication, click Details in the Operation column.
  • To modify or disable LDAP authentication, click Edit in the Operation column and reconfigure LDAP authentication in the displayed dialog box.
  • If the LDAP authentication is no longer required, click Delete in the Operation column to delete it. Deleted authentication information cannot be recovered. Exercise caution when performing this operation.