Configuring LDAP authentication

You can add existing LDAP users to the firewall. Adding the users to a dedicated group allows you to specify policies for these users. You add a group, add an LDAP server, and set the primary authentication method.

Objectives

When you complete this unit, you’ll know how to do the following:

Add a group for LDAP users and specify policies.
Add and configure an LDAP server.
Set the primary authentication method so that the firewall queries the LDAP server first and assigns LDAP users to the dedicated group.

Add an LDAP group

Create a dedicated group for LDAP users and specify access policies.

Go to Authentication > Groups and click Add.

Specify the settings.

Note For settings not listed here, use the default value.

Option	Description
Group name	LDAP
Surfing quota	Unlimited internet access
Access time	Allowed all the time

Click Save.

Add an LDAP server

Add an LDAP server that specifies a base DN.

You’ll need the following information to complete this task:

Authentication attribute
Group name attribute

Go to Authentication > Servers and click Add.

Specify the settings.

Note For settings not listed here, use the default value.

Option	Description
Server type	LDAP server
Server name	LDAP_Server
Server IP/domain	192.168.1.101
Connection security	SSL/TLS
Base DN	DC=sophos,DC=com
Authentication attribute	UID
Group name attribute	GID
Expiry date attribute	Date

Click Test connection to validate the user credentials and check the connection to the server.
Click Save.

Set primary authentication method

To query the LDAP server first, you set it as the primary authentication method. When users sign in to the firewall for the first time, they are automatically added as a member of the default group specified. In this case, you specify the LDAP group.

Go to Authentication > Services.
In the authentication server list, select LDAP_Server.
Move the server to the first position in the list of selected servers.
For the default group, select LDAP.
Click Apply.