Centralized Authentication Based on LDAP

Alaul  Diamond  (1)
7 years 10 months ago  View: 795  Reply: 3
1F

Availability:

This feature was introduced in M2000 V200R010.


Summary:

This feature implements remote centralized user authentication, enhancing user security.
Currently, this feature can implement the centralized authentication based on users and based
on user roles.


Benefits:

This feature provides the centralized authentication based on users and based on user roles,
which applies to different scenarios and enhances the security of M2000 user management.
The LDAP-based centralized user authentication interface helps telecom operators build a
centralized user authentication platform for the entire network. As protocol and system
resources of telecom operators are managed in a centralized manner, the OPEX and network
security risks are reduced.


Description:

With the LDAP-based centralized user authentication interface, users can remotely
authenticate user names and passwords. This interface supports SSL-encrypted transmission.
Users can configure this interface to meet the requirements of telecom operators.
The M2000 provides centralized authentication management based on user accounts and user
roles.


The details are as follows:


  • Centralized authentication management based on user accounts
The LDAP server stores the information about all users on the entire network, including
user accounts and passwords. The M2000 server retains the local user management
function, including the information about users, user groups, and user rights.
Before using the centralized authentication function, users need to create a user account
on the LDAP server. When a user logs in to the M2000 through the LDAP server, the
LDAP authenticates the user account and delivers the authentication result to the M2000.
If the user account is successfully authenticated, the M2000 uses the local user
management function to control the user rights. If the user account information is not
available in the M2000 system, the M2000 automatically creates the user account. The
user account authorization must be performed by the M2000 security administrator on
the M2000.
  • Centralized authentication management based on user roles (or user groups)
In this authentication mode, the M2000 retains the local user account information,
including users, user groups, and user rights. The local user management function,
however, cannot be used any longer.  As a result, the user information cannot be created,
modified, or deleted on the M2000.
Before using the centralized authentication function, users need to create a user account
and authorize the user account on the LDAP server based on the user group to which the
user belongs. When a user logs in to the M2000 through the LDAP server, the LDAP
authenticates the user account and delivers the authentication result and user role (or user
group) information to the M2000. If the user account is successfully authenticated, the
M2000 authorizes the user according to the information returned by the LDAP server.


Enhancement:

None


Dependency:

None
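
An added sketch of the two login flows described in the post above (not part of the original post and not the product's own code). `FakeLdap`, `Nms`, the rights names and the sample directory are constructed for illustration, and it assumes an auto-created account starts with no rights until the security administrator grants them.

```python
import hashlib
import hmac

class FakeLdap:
    """Constructed stand-in for the LDAP server; not a real directory or password store."""
    def __init__(self, entries):  # entries: user -> (password, [groups])
        self._db = {u: (self._h(p), set(g)) for u, (p, g) in entries.items()}

    @staticmethod
    def _h(pw):
        return hashlib.sha256(pw.encode()).digest()

    def authenticate(self, user, password):
        """Return (ok, groups): the result and role info delivered to the M2000."""
        rec = self._db.get(user)
        if rec is None or not hmac.compare_digest(rec[0], self._h(password)):
            return False, set()
        return True, set(rec[1])

class Nms:
    """Hypothetical model of the management server's login decision."""
    def __init__(self, ldap, mode, group_rights=None):
        self.ldap, self.mode = ldap, mode       # mode: "account" or "role"
        self.local_rights = {}                  # account mode: user -> local rights
        self.group_rights = group_rights or {}  # role mode: LDAP group -> rights

    def login(self, user, password):
        """Return the user's rights as a set, or None if authentication fails."""
        if not password:  # empty password = unauthenticated simple bind; refuse it
            return None
        ok, groups = self.ldap.authenticate(user, password)
        if not ok:
            return None
        if self.mode == "account":
            # Assumption: an auto-created account has no rights until the
            # security administrator grants them locally.
            return set(self.local_rights.setdefault(user, set()))
        # Role mode: rights come only from returned groups; unmapped groups grant nothing.
        return set().union(*(self.group_rights.get(g, set()) for g in groups))

    def grant(self, user, right):
        """Local authorization by the security administrator (account mode only)."""
        if self.mode != "account":
            raise PermissionError("local user management is disabled in role mode")
        self.local_rights.setdefault(user, set()).add(right)

# Constructed sample directory.
SAMPLE = FakeLdap({"alice": ("s3cret", ["noc-operators"]),
                   "bob": ("hunter2", ["unmapped-group"])})
```

In account mode the first successful login yields an empty rights set, so a valid LDAP account alone grants nothing. In role mode a group with no mapping also yields an empty set, so the decision fails closed.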
IqbalAziz  Gold 
7 years 10 months ago
2F
Described in detail
IqbalAziz  Gold 
7 years 10 months ago
3F
Thanks for sharing
abrahim  Diamond 
7 years 10 months ago
4F
Excellent topic