Access Control List (ACL) syntax for NDS / NTLM / LDAP / Radius authentication profiles

(Last modified: 05Aug2003)

This document (10077674) is provided subject to the disclaimer at the end of this document.

goal

Access Control List (ACL) syntax for NDS / NTLM / LDAP / Radius authentication profiles

fact

Novell Volera Excelerator

fix

Access Control List (ACL) syntax for NDS / NTLM / LDAP / Radius authentication profiles.
Fields are explained in the <> comments after each example.

Active Directory - LDAP Group
cn=joeuser,ou=volera,dc=orem,dc=volera,dc=com,ap=ad,group
<username=joeuser, context=volera, AD domain=orem.volera.com, authentication profile=ad,group> 


Active Directory - LDAP User
cn=joeuser,ou=volera,dc=orem,dc=volera,dc=com,ap=ad,group
<username=joeuser, context=volera, AD domain=orem.volera.com, authentication profile=ad,group>


NDS-LDAP-Group
cn=joeuser,o=volera,ap=ldap-nds,group
cn=usergrp,o=volera,ap=ldap-nds,group
<username=joeuser, groupname = usergrp, context=volera, authentication profile=ldap-nds,group>


NDS-LDAP-User
cn=joeuser,o=volera,ap=ldap-nds,group
<username=joeuser, context=volera, authentication profile=ldap-nds,group>
 

NDS User
joeuser.volera
<username=joeuser, context=volera, authentication profile=nds>
 

NTLM-GROUP
ntlmgroup,ap=ntlm,group
<username=joeuser, groupname=ntlmgroup, authentication profile=ntlm>
 

NTLM-USER
joeuser,ap=ntlm,username
<username=joeuser, authentication profile=ntlm>
 

NTLM with 2.2 feature pack 1 / NTLM with Excelerator 2.3
domain\joeuser,ap=ntlm-fp
domain\ntlmgroup,ap=ntlm-fp,group
<username=joeuser, ntlmgroup=group, Domain name=domain, authentication profile=ntlm-fp>  


Restricting via LDAP directory, group, and user:
Directory: ou=simon,o=ics,ap=ldap
Group: cn=group,o=ics,ap=ldap,group
User: cn=admin,o=ics,ap=ldap


NOTE: To restrict by group membership, the LDAP authentication profile must have the "LDAP group object class name" and "LDAP user attribute group membership" fields properly completed. To see the correct syntax for these fields, see TID 10078591. In the command line and .NAS files, these fields are called objectclassgroup and userattrmembership.
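
Added example (not part of the original Novell document): a Python parser that splits entries of the forms listed above into the fields named in the <> comments, which helps when reviewing an exported ACL for entries bound to the wrong profile or scope. Reading the text after ap= as a profile name plus an optional ,group / ,username qualifier, and joining multiple ou/o values with dots for the context, are assumptions inferred from the examples; the function and field names are hypothetical.

```python
# Added example: parser for the ACL entry forms shown on this page.
# Field names (name, context, domain, profile, qualifier) are hypothetical.

def parse_acl_entry(entry):
    """Split one ACL entry into the fields named in the page's <> comments."""
    fields = {"name": "", "context": "", "domain": "", "profile": "", "qualifier": ""}
    subject, sep, ap = entry.strip().partition(",ap=")
    if not sep:
        # No ap= suffix: the page's "NDS User" form, username.context.
        fields["name"], _, fields["context"] = subject.partition(".")
        fields["profile"] = "nds"
        return fields
    # Assumption: a trailing ",group" or ",username" is a qualifier,
    # not part of the profile name.
    fields["profile"], _, fields["qualifier"] = ap.partition(",")
    if "=" in subject:
        # LDAP distinguished name: cn -> name, ou/o -> context, dc -> domain.
        context, domain = [], []
        for rdn in subject.split(","):
            key, _, value = rdn.partition("=")
            key = key.strip().lower()
            if key == "cn":
                fields["name"] = value.strip()
            elif key in ("ou", "o"):
                context.append(value.strip())
            elif key == "dc":
                domain.append(value.strip())
        fields["context"] = ".".join(context)  # assumption: dotted join
        fields["domain"] = ".".join(domain)
    elif "\\" in subject:
        # NTLM feature-pack form: domain\name.
        fields["domain"], _, fields["name"] = subject.partition("\\")
    else:
        fields["name"] = subject  # plain NTLM user or group name
    return fields

# Entries copied from the examples on this page.
SAMPLES = [
    "cn=joeuser,ou=volera,dc=orem,dc=volera,dc=com,ap=ad,group",
    "joeuser.volera",
    "joeuser,ap=ntlm,username",
    "domain\\ntlmgroup,ap=ntlm-fp,group",
    "ou=simon,o=ics,ap=ldap",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(s, "->", parse_acl_entry(s))
```

An entry whose parsed name is empty, such as the Directory example, refers to a container rather than a single user or group.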

document

Document Title: Access Control List (ACL) syntax for NDS / NTLM / LDAP / Radius authentication profiles
Document ID: 10077674
Solution ID: NOVL84804
Creation Date: 12Dec2002
Modified Date: 05Aug2003
Novell Product Class: Volera Excelerator

disclaimer

The Origin of this information may be internal or external to Novell. Novell makes all reasonable efforts to verify this information. However, the information provided in this document is for your information only. Novell makes no explicit or implied claims to the validity of this information.
Any trademarks referenced in this document are the property of their respective owners. Consult your product manuals for complete trademark information.