On initial binds to the LDAP server during user authentication, there are
three options:

Anonymous authentication: A bind attempt is made without a client DN or password.
If the bind is successful, a search is requested in order to find an entry
on the LDAP server for the user attempting to log in. If an entry is found, a
second bind is attempted, this time with the user's DN and
password. If this succeeds, the user is deemed to have passed the user
authentication phase. Group authentication is then attempted if it is enabled.

Client authentication: A bind attempt is made with the client DN and password
specified by this configuration parameter. If the bind is successful, we
proceed as above.

User Principal Name (UPN): A bind attempt is made directly with the credentials
used during the login process. If this succeeds, the user is deemed to have
passed the user authentication phase. Note that for Active Directory servers,
the userid can have the form someuser@somedomain or simply someuser.

Strict UPN: This is the same as UPN above, except that the userid must have
the form someuser@somedomain. The string entered by the user will be parsed
for the @ symbol.
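
The four binding flows described above, modelled as an added example (not part of the MIB or of IBM's firmware). The directory contents, account names, the `ALLOW_ANONYMOUS` switch and the empty-password guard are assumptions constructed for illustration.

```python
# Added example: models the ldapBindingMethod flows against a constructed
# in-memory directory. All entries and names below are hypothetical.
ANONYMOUS, CLIENT, UPN, STRICT_UPN = 0, 1, 2, 3  # enum values from the MIB

# Constructed sample directory: bind identity -> password
DIRECTORY = {
    "cn=svc-mm,dc=example,dc=com": "svc-secret",  # client (service) account
    "cn=alice,dc=example,dc=com": "alice-pw",
    "alice@example.com": "alice-pw",              # UPN form
    "alice": "alice-pw",                          # bare form, as AD accepts
}
UID_TO_DN = {"alice": "cn=alice,dc=example,dc=com"}  # result of the search
ALLOW_ANONYMOUS = True  # assumption: server permits anonymous bind and search


def bind(identity, password):
    """Simple bind; empty identity and empty password is an anonymous bind."""
    if not identity and not password:
        return ALLOW_ANONYMOUS
    return DIRECTORY.get(identity) == password


def authenticate(method, userid, password, client_dn="", client_pw=""):
    """Return (ok, trace); trace lists the bind and search steps taken."""
    # Assumed client-side guard: a name with an empty password is an
    # unauthenticated bind (RFC 4513, 5.1.2) and proves nothing about the user.
    if not password:
        return False, ["reject: empty password"]
    user, sep, domain = userid.partition("@")
    if method in (UPN, STRICT_UPN):
        if method == STRICT_UPN and not (user and sep and domain):
            return False, ["reject: userid lacks @domain"]
        trace = [f"bind as {userid}"]
        return bind(userid, password), trace
    # Anonymous and client methods: initial bind, search, then bind as the user.
    first = ("", "") if method == ANONYMOUS else (client_dn, client_pw)
    trace = [f"initial bind as {first[0] or '<anonymous>'}"]
    if not bind(*first):
        return False, trace
    user_dn = UID_TO_DN.get(userid)
    trace.append(f"search uid={userid} -> {user_dn}")
    if user_dn is None:
        return False, trace
    trace.append(f"bind as {user_dn}")
    return bind(user_dn, password), trace
```

The trace makes the operational difference visible: methods 0 and 1 need a directory that allows the initial bind to search, while methods 2 and 3 never search and depend only on the credentials typed at login.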
Parsed from file RTRSAAG.MIB.txt
Company: ibm
Module: RSA-MIB
Child arc 0 is used to translate between SNMPv1 and SNMPv2 notification parameters as explained in IETF RFC 2576, section 3.
ldapBindingMethod OBJECT-TYPE
    SYNTAX INTEGER {
        anonymousAuthentication(0),
        clientAuthentication(1),
        userPrincipalName(2),
        strictUserPrincipalName(3)
    }
    ACCESS read-write
    STATUS mandatory
    DESCRIPTION
        "On initial binds to the LDAP server during user authentication, there are
        three options:
        Anonymous authentication: Bind attempt is made without a client DN or password.
        If the bind is successful, a search will be requested in order to find an entry
        on the LDAP server for the user attempting to login. If an entry is found, a
        second attempt to bind will be attempted, this time with the user's DN and
        password. If this succeeds, the user is deemed to have passed the user
        authentication phase. Group authentication is then attempted if it is enabled.
        Client authentication: Bind attempt is made with client DN and password
        specified by this configuration parameter. If the bind is successful, we
        proceed as above.
        User Principal Name (UPN): Bind attempt is made directly with the credentials
        used during the login process. If this succeeds, the user is deemed to have
        passed the user authentication phase. Note that for Active Directory servers,
        the userid can have the form someuser@somedomain or simply someuser.
        Strict UPN: This is the same as UPN above, except that the userid must have
        the form someuser@somedomain. The string entered by the user will be parsed
        for the @ symbol."
    ::= { ldapClientCfg 10 }
OID | Name | Sub children | Sub Nodes Total | Description |
---|---|---|---|---|
1.3.6.1.4.1.2.3.51.1.4.9.3.6.10.0 | ldapBindingMethod | 0 | 0 | None |
OID | Name | Sub children | Sub Nodes Total | Description |
---|---|---|---|---|
1.3.6.1.4.1.2.3.51.1.4.9.3.6.1 | ldapServer1NameOrIPAddress | 1 | 1 | A NULL terminated 64 byte string that contains the LDAP server host name or IP address (a.b.c.d). |
1.3.6.1.4.1.2.3.51.1.4.9.3.6.2 | ldapServer1PortNumber | 1 | 1 | LDAP server port number. |
1.3.6.1.4.1.2.3.51.1.4.9.3.6.3 | ldapServer2NameOrIPAddress | 1 | 1 | A NULL terminated 64 byte string that contains the LDAP server host name or IP address (a.b.c.d). |
1.3.6.1.4.1.2.3.51.1.4.9.3.6.4 | ldapServer2PortNumber | 1 | 1 | LDAP server port number. |
1.3.6.1.4.1.2.3.51.1.4.9.3.6.5 | ldapServer3NameOrIPAddress | 1 | 1 | A NULL terminated 64 byte string that contains the LDAP server host name or IP address (a.b.c.d). |
1.3.6.1.4.1.2.3.51.1.4.9.3.6.6 | ldapServer3PortNumber | 1 | 1 | LDAP server port number. |
1.3.6.1.4.1.2.3.51.1.4.9.3.6.7 | ldapRootDN | 1 | 1 | Distinguished Name for root entry of directory tree. An example might look like dn=foobar,dn=com. |
1.3.6.1.4.1.2.3.51.1.4.9.3.6.8 | ldapUserSearchBaseDN | 1 | 1 | As part of the user authentication process, it is necessary to search the LDAP server for one or more attributes associated with… |
1.3.6.1.4.1.2.3.51.1.4.9.3.6.9 | ldapGroupFilter | 1 | 1 | This filter is used for group authentication. It specifies what group or groups that this MM belongs to. If left blank, group au… |
1.3.6.1.4.1.2.3.51.1.4.9.3.6.11 | ldapClientAuthenticationDN | 1 | 1 | The initial bind to the LDAP server during user authentication can be performed with anonymous authentication, client based auth… |
1.3.6.1.4.1.2.3.51.1.4.9.3.6.12 | ldapClientAuthenticationPassword | 1 | 1 | The client authentication password |
1.3.6.1.4.1.2.3.51.1.4.9.3.6.13 | ldapUIDsearchAttribute | 1 | 1 | When the binding method selected is Anonymous authentication or Client authentication, the initial bind to the LDAP server is fo… |
1.3.6.1.4.1.2.3.51.1.4.9.3.6.14 | ldapGroupSearchAttribute | 1 | 1 | When the MM Group Filter name is configured, it is necessary to retrieve from the LDAP server the list of groups that a particul… |
1.3.6.1.4.1.2.3.51.1.4.9.3.6.15 | ldapLoginPermissionAttribute | 1 | 1 | When a user successfully authenticates via a LDAP server, it is necessary to retrieve the login permissions for this user. In or… |
1.3.6.1.4.1.2.3.51.1.4.9.3.6.16 | ldapUseDNSOrPreConfiguredServers | 1 | 1 | The MM contains a Version 2.0 LDAP Client that may be configured to provide user authentication through one or more LDAP servers… |
1.3.6.1.4.1.2.3.51.1.4.9.3.6.17 | ldapDomainSource | 1 | 1 | The DNS SRV request sent to the DNS server must specify a domain name. The LDAP client will determine where to get this domain n… |
1.3.6.1.4.1.2.3.51.1.4.9.3.6.18 | ldapSearchDomain | 1 | 1 | This parameter may be used as the domain name in the DNS SRV request, depending on how the Domain Source parameter is configured. |
1.3.6.1.4.1.2.3.51.1.4.9.3.6.19 | ldapServiceName | 1 | 1 | The DNS SRV request sent to the DNS server must also specify a service name. The configured value will be used for this purpose.… |