When to use LDAP in Simple mode and when to use LDAP in Regular mode?

Support Model :
  • Tags :

More and more network administrators use AD server or LDAP server to authenticate the clients for VPN or for Internet Access with Vigor Router. However, different AD or LDAP structures may need different LDAP client mode. This document will describe the differences between Simple mode and Regular mode, and when to use them accordingly.

 

When to use LDAP in Simple mode?

LDAP client in Simple mode will send Bind Request only. So it can be used when the Users that Vigor Router wants to authenticate are all in same CN or in same OU. The user account must be available under the CN or the OU directly, like the scenario below: Vigor Router – the LDAP client will send bind request with cn=vivian,ou=vpnusers,dc=draytek,dc=com directly for this case.

 

 

 

When to use LDAP in Regular mode?

LDAP client in Regular mode will be able to send a Search Query after a successful Bind with Regular DN and Password. And, it can be used when the Users that Vigor Router wants to authenticate are in same CN or in same OU but the users are located in different sub OUs, like the scenario below.

 

 

The working flow is

1. Vigor Router – the LDAP client will send Bind request with the Regular DN and Password to server and server responds Bind Success.

2. Vigor Router sends Search Query to ask where is vivian under ou=People,dc=draytek,dc=com

3. LDAP server responds vivian is found and the correct location is ou=RD1,ou=RD,ou=People,dc=draytek,dc=com

4. Vigor Router sends Bind Request with cn=vivian,ou=RD1,ou=RD,ou=People,dc=draytek,dc=com and server responds Bind Success

 

 

When to use Additional Filter or Group DN?

Additional Filter or Group DN is the additional filter. After the bind → search → bind working flow, Vigor will do search again when Group DN or Additional Filter is configured. That means the server must find the user in the Group DN path or the filter.

 

 

 

See also:

Was this article helpful ?
23When to use LDAP in Simple mode and when to use LDAP in Regular mode? has been viewed------ 23 ------times.