Allowing Console administrators to log on using enterprise directory credentials

Complete the following steps to let administrators log on to the Configuration Console using their existing enterprise credentials.
You can log on to the VIP Enterprise Gateway Configuration Console as a local administrator with the user name and password that you set when you installed the VIP Enterprise Gateway software. However, you can also let administrators log on to the Configuration Console using their existing enterprise credentials, such as their LDAP authentication credentials. After the Console administrators log on to the Configuration Console, all actions that they perform are logged under their name. Such specific logs help to make the management of VIP Enterprise Gateway easier.
  1. To allow Console administrators to log on with enterprise credentials:
  2. From the
    User Store
    tab, click the
    Console Authentication
    link.
  3. If you are configuring Console administrator access for the first time, you are prompted to continue configuration. Click
    Yes
    .
  4. Complete the following fields as required and click
    Save
    .
    Field
    Description
    User Store
    Name
    Select the user store that contains the user information of the Console administrators that you want to authenticate. Console administrator access to the Configuration Console is authenticated against this user store.
    Type
    Displays the type of user store (LDAP).
    Search Criteria
    Base DN
    The Base DN string indicates where to start searching for user information within the LDAP server. For example:
    DC=acme,DC=com
    This field can be blank for AD Global Catalog.
    User Filter
    Specify your user store filters for constraining access to those Console administrators that you want to authenticate.
    • To search for a user, use the format
      (&(uid=%s)(objectclass=organizationalPerson))
    • To search for a user in AD, use the format
      (&(&(objectClass=user)(objectCategory=person))(sAMAccountName=%s))
    • To search for a user in AD with Groupmembership enabled, use the format:
      (&(&(objectClass=user)(objectCategory=person))(sAMAccountName=%s)(memberOf=cn=Security_group,cn=Users,DC=sales,DC=acme,DC=com))
    Replace
    %s
    with the logging user name.
    Group Filter
    Specify your user store filters for constraining group membership and role of Console administrators that can use their enterprise directory credentials to log on to Configuration Console (if not the default).
    Test Settings
    Test User Name
      An existing user ID (required to verify that the configuration is working).