NetIQ eDirectory back-end authentication

To enable back-end authentication for NetIQ eDirectory

  1. Identify the NetIQ eDirectory server based on the NetIQ eDirectory back-end server records in OneSpan Authentication Server.
  2. Bind to NetIQ eDirectory using the security principal DN and password defined for the NetIQ eDirectory back-end server record, if principal details are specified.
  3. Search NetIQ eDirectory for the FQDN and attributes of the user that has to be authenticated (starting from the base search DN).
  4. Try to authenticate with NetIQ eDirectory using a bind with the FQDN and password of the user to be authenticated.

If authentication fails, the attributes retrieved during the search will be used to determine the cause of the failure.

After enabling back-end authentication for NetIQ eDirectory, you will need to set up a back-end server record for it. This means registering it as a back-end server for OneSpan Authentication Server via the Administration Web Interface.

Table: Supported user logon formats for NetIQ eDirectory

| User ID format | Source of user ID |
|---|---|
| UserID | User ID of the user |
| MYREALM\userid | Fully qualified domain name + user ID of the user |
| [email protected] | User ID attribute of the user + fully qualified domain name |
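
The four steps above and the logon formats in the table, as an added Python example that is not OneSpan code: it runs the bind, search, bind sequence against a constructed in-memory directory and escapes the user ID before it is placed in the search filter. The directory contents, the DNs, the `cn` search attribute, the use of `loginDisabled` to explain a failed bind, and the `userid@realm` reading of the third format are assumptions.

```python
import re

# Constructed stand-in for eDirectory: DN -> (password, attributes).
DIRECTORY = {
    "cn=svc,o=acme": ("svc-pw", {}),
    "cn=alice,ou=users,o=acme": ("alice-pw", {"cn": "alice", "loginDisabled": "FALSE"}),
    "cn=bob,ou=users,o=acme": ("bob-pw", {"cn": "bob", "loginDisabled": "TRUE"}),
}

def split_logon(logon):
    """Return (realm, user_id) for the three logon formats in the table."""
    if "\\" in logon:                       # MYREALM\userid
        realm, user = logon.split("\\", 1)
        return realm, user
    if "@" in logon:                        # userid@realm (assumed reading)
        user, realm = logon.rsplit("@", 1)
        return realm, user
    return None, logon                      # bare user ID

def escape_filter(value):
    """Escape the RFC 4515 special characters so input cannot alter the filter."""
    return re.sub(r"[\\*()\x00]", lambda m: "\\%02x" % ord(m.group()), value)

def bind(dn, password):
    """Simulated bind: refuses wrong or empty passwords and disabled accounts."""
    stored, attrs = DIRECTORY.get(dn, (None, {}))
    return bool(password) and stored == password and attrs.get("loginDisabled") != "TRUE"

def search(base_dn, ldap_filter):
    """Simulated subtree search; understands only an equality filter on cn."""
    wanted = re.fullmatch(r"\(cn=(.*)\)", ldap_filter).group(1)
    for dn, (_, attrs) in DIRECTORY.items():
        if dn.endswith("," + base_dn) and escape_filter(attrs.get("cn", "")) == wanted:
            return dn, attrs
    return None, {}

def authenticate(logon, password, base_dn="ou=users,o=acme"):
    if not bind("cn=svc,o=acme", "svc-pw"):                # step 2: principal bind
        return "backend-bind-failed"
    _realm, user = split_logon(logon)
    dn, attrs = search(base_dn, "(cn=%s)" % escape_filter(user))   # step 3
    if dn is None:
        return "user-not-found"
    if bind(dn, password):                                 # step 4: bind as the user
        return "ok"
    # Bind failed: the attributes from the search explain the cause.
    return "account-disabled" if attrs.get("loginDisabled") == "TRUE" else "bad-password"
```

A logon of `*` or `alice)(cn=*` reaches the filter only in escaped form, so it matches no entry instead of widening the search.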

OneSpan Authentication Server supports only SASL Digest-MD5 as the client authentication mechanism for binding with the supported back-end authentication servers.

Figure: Back-end authentication with NetIQ eDirectory (Workflow)

For more information about setting up a back-end server record for NetIQ eDirectory, refer to the Administration Web Interface Help.