The Authentication Page of the Configuration Editor allows you to edit the server authentication settings.
It contains four sections : Supported Authentication Mechanisms , SASL Settings , SASL Quality Of Protection and SASL Realms .
Here's what the Authentication Page looks like:
This section allows you to specify the supported authentication mechanisms. You can choose between the following mechanisms:
- SIMPLE
- CRAM-MD5 (SASL)
- DIGEST-MD5 (SASL)
- GSSAPI (SASL)
- NTML (SASL)
- GSS-SPNEGO (SASL)
This section allows you to specify to the SASL setting.
The SASL Host field represents the name of the host.
The SASL Principal field represents the service principal name that the server-side of the LDAP protocol provider will use to "accept" a GSSAPI context initiated by the LDAP client. The SASL principal MUST follow the name-form "ldap/[fqdn]@[realm]".
The Search Base DN field represents the Distinguished Name where a subtree-scoped DIT search will be performed. This is BOTH where the LDAP service principal must reside, as well as where user principals must reside.
This section allows you to specify the SASL quality of protection. You can choose between the following values:
- auth (Authentication only)
- auth-int (Authentication with integrity protection)
- auth-conf (Authentication with integrity and privacy protection)
