LDAP authentication
Content Gateway supports the LDAP option to ensure that users are authenticated with an LDAP server before accessing content through the proxy.
Important: If rule-based authentication will be used, configure LDAP authentication through the Rule-Based Authentication option. However, read this section to become familiar with LDAP features and restrictions.
When LDAP is enabled:
- Content Gateway acts as an LDAP client and directly challenges users who request content for a username and password.
- After receiving the username and password, Content Gateway contacts the LDAP server to check that the credentials are correct.
- If the LDAP server accepts the username and password, the proxy serves the client the requested content and stores the username and password in the credential cache.
- Future authentication requests for that user are served from the cache until the cache entry expires (Time-To-Live value).
- If the LDAP server rejects the username and password, the user’s browser displays a message indicating that authorization failed and prompts again for a username and password.
LDAP authentication supports both simple and anonymous bind.
LDAP user authentication can support passwords containing special characters. This is configured directly in the records.config file: the feature must be enabled, and the name of the encoding to which the special characters belong must be specified. Add the following two entries to records.config. Note that the default setting is 0 (feature disabled).
// To enable the feature specify 1.
CONFIG proxy.config.ldap.proc.encode_convert INT <1 or 0>
// Specify an encoding name here. For example,
// for German specify "ISO-8859-1".
CONFIG proxy.config.ldap.proc.encode_name STRING <encoding name>
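The following is an added model of the flow described above (challenge, simple bind, credential cache with TTL, and the encode_convert step); it is illustrative code written for this page, not Content Gateway's implementation. The directory, the user hmueller and the password are constructed samples, and the assumption is that the browser submits the password as UTF-8 while the directory stores it in ISO-8859-1.

```python
import time

# Constructed stand-in for the LDAP server: it stores each user's password
# as bytes in its own single-byte encoding (ISO-8859-1, as in the German example).
LDAP_SERVER_ENCODING = "ISO-8859-1"
LDAP_USERS = {"hmueller": "Straße".encode(LDAP_SERVER_ENCODING)}  # constructed sample


def ldap_simple_bind(username, password_bytes):
    """Models the LDAP server's answer to a simple bind: True if accepted."""
    return LDAP_USERS.get(username) == password_bytes


class ProxyAuth:
    """Models the proxy's LDAP authentication flow (hypothetical, not the product's code)."""

    def __init__(self, encode_convert=0, encode_name="", ttl_seconds=300, clock=time.time):
        self.encode_convert = encode_convert  # proxy.config.ldap.proc.encode_convert
        self.encode_name = encode_name        # proxy.config.ldap.proc.encode_name
        self.ttl = ttl_seconds                # credential cache Time-To-Live
        self.clock = clock                    # injectable so the TTL can be tested
        self.cache = {}                       # username -> (password, expiry time)
        self.binds = 0                        # how often the LDAP server was contacted

    def _wire_password(self, password):
        # The browser sends UTF-8; with the feature enabled the proxy re-encodes the
        # password into the directory's encoding before binding, otherwise it sends it as-is.
        if self.encode_convert == 1:
            return password.encode(self.encode_name)
        return password.encode("utf-8")

    def authenticate(self, username, password):
        now = self.clock()
        cached = self.cache.get(username)
        if cached and cached[1] > now and cached[0] == password:
            return True  # served from the credential cache until the entry expires
        self.binds += 1
        if ldap_simple_bind(username, self._wire_password(password)):
            self.cache[username] = (password, now + self.ttl)
            return True
        return False  # the browser would re-prompt for credentials


def demo():
    """Shows a cache hit within the TTL and a fresh bind once the entry has expired."""
    clock = [0.0]
    proxy = ProxyAuth(encode_convert=1, encode_name="ISO-8859-1", ttl_seconds=60,
                      clock=lambda: clock[0])
    first = proxy.authenticate("hmueller", "Straße")   # bind #1, entry cached
    second = proxy.authenticate("hmueller", "Straße")  # cache hit, no LDAP contact
    clock[0] = 61.0                                    # TTL expired
    third = proxy.authenticate("hmueller", "Straße")   # bind #2
    return first, second, third, proxy.binds
```

With encode_convert left at 0 the UTF-8 bytes for "ß" never match the directory's ISO-8859-1 bytes, so the bind fails even though the password is correct.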