Add an LDAP server

Lightweight Directory Access Protocol is a networking protocol for querying and modifying directory services based on the X.500 standard. The firewall uses the LDAP protocol to authenticate users for several services, allowing or denying access based on attributes or group memberships. The firewall also supports LDAPS/SLDAP (LDAP Secure or Secure LDAP) over Secure Sockets Layer (SSL) or Transport Layer Security (TLS). When you add an authentication server, you define an external server and provide settings for managing access to it.

  1. Go to Authentication > Servers and click Add.
  2. From the Server type list, select LDAP server.
  3. Enter a name.
  4. Type an IP address and port.
  5. Specify the settings.
    OptionDescription
    Version LDAP version.
    Anonymous login Allow anonymous requests to the LDAP server. Turn off and specify a user name and password to bind user with the server.
    Username User name for the server. Must be specified as a distinguished name (DN) in LDAP syntax. For example, uid=root,cn=user.
    Password Password for the server.
    Connection security Connection security for the server.
    Note Using encryption is recommended.
    • Simple Send user credentials as unencrypted plain text.
    • SSL/TLS Use Secure Sockets Layer/Transport Layer Security to encrypt the connection.
    • STARTTLS Upgrade a non-encrypted connection by wrapping it with SSL/TLS after or during the connection process. Uses the default port.
    Validate server certificate When using a secured connection, validates the certificate on the external server.
    Client certificate Client certificate to use for establishing a secure connection.
    Note To manage client certificates, go to Certificates.
    Base DN Base distinguished name (DN) for the server. The Base DN is the starting point relative to the root of the directory tree, where users are specified. Must be specified as a distinguished name (DN) in LDAP syntax. For example, O=Example,OU=RnD.
    Tip Click Get base DN to retrieve the Base DN from the directory.
    Authentication attribute Authentication attribute for searching the LDAP directory. The user authentication attribute contains the sign-in name each user is prompted for, for example, by remote access services.
    Display name attribute Name for the server, which is displayed to the user as the server user name.
    Email address attribute Alias for the configured email address, which is displayed to the user.
    Group name attribute Alias for the configured group name, which is displayed to the user.
    Expiry date attribute Expiry date displayed to the user. The attribute specifies how long a user account is valid.
  6. Click Test connection to validate the user credentials and check the connection to the server.
  7. Click Save.

Go to Authentication > Services and select servers to use for service authentication.