Device Configuration : Configure : Authentication : Servers : Add an External Server : Add LDAP Server
Add LDAP Server
This page describes how to add a LDAP server.
1. Go to Device Configuration > Configure > Authentication > Authentication Server and click Add.
2. Select the server type LDAP Server.
3. Enter values for the following settings:
Server Name
Enter a descriptive name for the LDAP server.
Server IP/Domain
Enter an IP address or domain for the LDAP server.
Enter the port of the LDAP server. By default, this is port 389.
Select the version of the LDAP server.
Anonymous Login
Enable to send anonymous requests to the LDAP server. Disable to bind user with the server.
(not with Anonymous Login)
Enter a name for the bind user.
(not with Anonymous Login)
Enter a password for the bind user.
Connection Security
Select the connection security for the LDAP server:
Simple: User credentials will be send unencrypted, for example, as clear text.
SSL: Secure Sockets Layer. This is the most common method used for secured connection. The Port will then change from 389 (LDAPClosed) to 636 (ldaps = LDAP over SSL).
TLS: Transport Layer Security. Same secure connection as SSL but uses the default port.
Validate Server Certificate
(not with Simple Connection Security)
Enable to validate the certificate on the external server.
Client Certificate
Select a client certificate from the list to establish a secured connection. If you do not want a client certificate, select None.
* You can manage client certificates under Objects > Identity > Certificate .
Base DN
Enter the Base DN for the LDAP server. The Base DN is the starting point relative to the root of the LDAP tree where the users are included who are to be authenticated. Note that the Base DN must be specified by the Fully Distinguished Name (FDN) in LDAP notation, using commas as delimiters (e.g., O=Example,OU=RnD).
Get Base DN
Click Get Base DN if you are not aware about the Base DN. The Base DN is automatically retrieved from the directory.
Authentication Attribute
Enter an authentication attribute for searching the LDAP directory. The user authentication attribute contains the actual login name each user is prompted for, for example by remote access services.
Display Name Attribute
Enter the name for the LDAP server which is displayed as LDAP username.
Email Address Attribute
Enter the alias for the configured email address which is displayed to the user.
Group Name Attribute
Enter the alias for the configured group name which is displayed to the user.
Expire Date Attribute
Enter the user expire date displayed to the user. The attribute specifies how long a user account is valid.
4. Click Test Connection to check the connectivity between LDAP and the Sophos Firewall OS. It also validates LDAP user credentials.
5. Click Save.
The LDAP server is now available and appears in the Authentication Server list.