LDAP server

Lightweight Directory Access Protocol is a networking protocol for querying and modifying directory services based on the X.500 standard. The firewall uses the LDAP protocol to authenticate users for several services, allowing or denying access based on attributes or group memberships. The firewall also supports LDAPS/SLDAP (LDAP Secure or Secure LDAP) over Secure Sockets Layer (SSL) or Transport Layer Security (TLS).

General settings

Server IP/domain
Server IP address or domain.
Port
Server port.
Version
LDAP version.
Anonymous login
Allow anonymous requests to the LDAP server. Turn off and specify a user name and password to bind user with the server.
User name
User name for the server. Must be specified as a distinguished name (DN) in LDAP syntax. For example, uid=root,cn=user.
Password
Password for the server.
Connection security
Connection security for the server.
Note Using encryption is recommended.
  • Simple Send user credentials as unencrypted plain text.
  • SSL/TLS Use Secure Sockets Layer/Transport Layer Security to encrypt the connection.
  • STARTTLS Upgrade a non-encrypted connection by wrapping it with SSL/TLS after or during the connection process. Uses the default port.
Validate server certificate
When using a secured connection, validates the certificate on the external server.
Client certificate
Client certificate to use for establishing a secure connection.
Note To manage client certificates, go to Certificates.
Base DN
Base distinguished name (DN) for the server. The Base DN is the starting point relative to the root of the directory tree, where users are specified. Must be specified as a distinguished name (DN) in LDAP syntax. For example, O=Example,OU=RnD.
Tip Click Get base DN to retrieve the Base DN from the directory.
Authentication attribute
Authentication attribute for searching the LDAP directory. The user authentication attribute contains the sign-in name each user is prompted for, for example, by remote access services.
Display name attribute
Name for the server, which is displayed to the user as the server user name.
Email address attribute
Alias for the configured email address, which is displayed to the user.
Group name attribute
Alias for the configured group name, which is displayed to the user.
Expiry date attribute
Expiry date displayed to the user. The attribute specifies how long a user account is valid.