873 Views 4 Replies Latest reply: Dec 27, 2012 11:01 AM by bg2 RSS
bg2 Newcomer 3 posts since
Dec 26, 2012

Dec 26, 2012 1:36 PM

Custom LDAP - find user in a group

Hello:

I have been struggling with this and not really getting anywhere.

We are using Red Hat LDAP and I need to do the following.

1) I need to authenticate the user and password (this seems to work fine)

2) If a user is in 1 of 5 predefined LDAP groups they are granted access, otherwise they are blocked.

I have been unsuccessful in getting #2 to work.

a) ou=company.com

b) search filter (do not filter searches)

c) external groups = org_1, org_2, org_3, org_4, org_5.

Can anyone shed some light on this for me?

Thanks

BG

  • sliedl McAfee SME 535 posts since
    Nov 3, 2009
    1. Dec 26, 2012 3:28 PM (in response to bg2)
    Re: Custom LDAP - find user in a group

    What version of the firewall are you using?

  • sliedl McAfee SME 535 posts since
    Nov 3, 2009
    3. Dec 27, 2012 10:27 AM (in response to bg2)
    Re: Custom LDAP - find user in a group

    First, you go to Authenticators and click the 'User and User Groups' button in the top-right.  This is where you add these External Group names.  Then you go to your Access Control Rules and open the rule for which you want to authenticate these users.  In the 'Users and Groups' section there you select the External Group names you created in the previous step.  The LDAP authenticator you created is selected in the 'Authenticator' drop-down box in this rule also.  Now the sessions through this rule will be authenticated against your LDAP server and, if a group returned by the LDAP query matches a group in the rule, this session will be allowed.  Otherwise it will skip this rule and go through the rules below this one until it hits another matching rule or hits the Deny All rule.
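
The rule evaluation described in the reply above, as an added Python model that is not part of the original thread and not the firewall's own code. The directory contents, rule names, user names and the treatment of a rule without an authenticator are assumptions made for illustration; only the five group names come from the question.

```python
from dataclasses import dataclass, field
from typing import Optional

# Group names from the question; everything else below is constructed.
EXTERNAL_GROUPS = {"org_1", "org_2", "org_3", "org_4", "org_5"}

@dataclass
class Rule:
    name: str
    action: str                          # "allow" or "deny"
    authenticator: Optional[str] = None  # None: rule does not authenticate (assumption)
    groups: set = field(default_factory=set)

def groups_for(user, directory):
    """Groups the LDAP query would return for `user` (constructed directory)."""
    return {g for g, members in directory.items() if user in members}

def evaluate(rules, user, password_ok, directory):
    """Walk the rules top to bottom; return (action, name of deciding rule)."""
    returned = groups_for(user, directory)
    for rule in rules:
        if rule.authenticator is None:
            return rule.action, rule.name      # matches without any group check
        if password_ok and rule.groups & returned:
            return rule.action, rule.name      # a returned group is in the rule
        # No match: skip this rule and continue with the ones below it.
    return "deny", "Deny All"

# Constructed sample data.
DIRECTORY = {"org_1": {"alice"}, "org_3": {"carol"}, "contractors": {"bob"}}
LDAP_RULE = Rule("ldap-groups", "allow", "custom-ldap", EXTERNAL_GROUPS)
STRICT = [LDAP_RULE]
LOOSE = [LDAP_RULE, Rule("legacy-allow", "allow")]

if __name__ == "__main__":
    for label, rules in (("STRICT", STRICT), ("LOOSE", LOOSE)):
        for user in ("alice", "bob"):
            print(label, user, evaluate(rules, user, True, DIRECTORY))
```

In the LOOSE rule set the non-member is not blocked: the LDAP rule is skipped and a broader rule below it matches before Deny All is reached, so the rules under the group rule decide whether "otherwise they are blocked" actually holds.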
