Products
Solutions
Partners
Support
Company
Try Now
Pulse Secure Community
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Authentication - AD/NT vs. LDAP?

hutchingsp_
Contributor
‎05-13-2009 07:50:AM
‎05-13-2009 07:50:AM

Authentication - AD/NT vs. LDAP?

I'm evaluating an SA appliance and we want to do domain authentication (by "domain" I simply mean we use Active Directory).

I notice there are options to do "proper" AD/NT authentication where the SA joins the domain, which is what I have it setup with right now, and I notice you can do LDAP authentication where you'd point it to your domain controllers, set your base DN's and away you go presumably.

My question is, why is one "better" than the other?

For example I'd really like to be able to limit the base DN so that only users in OU's under a certain parent OU could login, and I don't seem able to do this using AD authentication whilst I can do it using LDAP authentication.

I guess there are pros and cons to both, I'm unsure what they are in the real-world though?

0 Kudos
Reply
5 REPLIES 5
muttbarker_
Valued Contributor
‎05-13-2009 09:01:AM
‎05-13-2009 09:01:AM

Re: Authentication - AD/NT vs. LDAP?

AD authentication and authorization is very limited. Especially on the authorization component where you limited to groups. Using LDAP gives you a LOT more flexibility. You can map and use pretty much any user attribute you want for the role assignment piece.

I am sure there is some reason for using AD, but I can't think of it Smiley Happy

We are a reseller and we pretty much always use LDAP on our installs.

0 Kudos
Reply
hutchingsp_
Contributor
‎05-13-2009 09:50:AM
‎05-13-2009 09:50:AM

Re: Authentication - AD/NT vs. LDAP?

Thanks for the reply. I'm trying to set this up (to be fair I've not spoken to the resller yet) and I'm nearly there but I'm missing a trick.

We have a domain, "DC=domain,DC=co,DC=uk" so far as everything else that uses LDAP is concerned.

Within that we have OU's such as:

"OU=Users,DC=domain,DC=co,DC=uk"

and

"OU=Groups,DC=domain,DC=co,DC=uk"

which also contain OU's so our actually staff may be in

"OU=Staff,OU=Users,DC=domain,DC=co,DC=uk"

and our groups in

"OU=Global Groups,OU=Groups,DC=domain,DC=co,DC=uk".

I seem to have managed to get authentication working, but as an example I can't browse/search groups when doing role mapping - I clearly have it setup wrong but I'm not quite sure from the documentation what is "right"?

Message Edited by hutchingsp on 05-13-2009 09:51 AM
0 Kudos
Reply
muttbarker_
Valued Contributor
‎05-13-2009 09:56:AM
‎05-13-2009 09:56:AM

Re: Authentication - AD/NT vs. LDAP?

Send me your email in a private message and I can send you some screen shots of a simple LDAP setup that might help.

0 Kudos
Reply
hutchingsp_
Contributor
‎05-13-2009 10:16:AM
‎05-13-2009 10:16:AM

Re: Authentication - AD/NT vs. LDAP?

Thanks Kevin - just in case anyone else finds themselves in a similar predicament, it was a missing "member" in the "Member Attribute" in the groups search fields.
0 Kudos
Reply
DanSmart_
Contributor
‎05-15-2009 09:47:PM
‎05-15-2009 09:47:PM

Re: Authentication - AD/NT vs. LDAP?

When running LDAP, you have to add AD groups to the "Groups Catalog" In Role Mapping, Groups, Add a group. In the catalog screen, you need to do a search, and find the group you want, then add it to the Catalog. If you set your nesting parameter in the LDAP authentication, it will expand any nested groups automatically.
0 Kudos
Reply
© 2017 Pulse Secure, LLC. Use of this website assumes acceptance of our Legal Notices and Privacy Policy. Pulse Secure has updated its Privacy Policy effective June 28, 2017.