Lightweight Directory Access Protocol is a networking protocol for querying and modifying directory services based on the X.500 standard.
The firewall uses the LDAP protocol to authenticate users for several services, allowing or denying access based on attributes or group memberships. The firewall also supports LDAPS/SLDAP (LDAP Secure or Secure LDAP) over Secure Sockets Layer (SSL) or Transport Layer Security (TLS).
Server IP/domain: Server IP address or domain.
Port: Server port.
Version: LDAP version.
Anonymous login: Allow anonymous requests to the LDAP server. Turn off and specify a user name and password to bind user with the server.
Username: Username for the server. Must be specified as a distinguished name (DN) in LDAP syntax. For example, uid=root,cn=user.
Password: Password for the server.
Connection security: Connection security for the server.
Using encryption is recommended.
- Simple Send user credentials as unencrypted plain text.
- SSL/TLS Use Secure Sockets Layer/Transport Layer Security to encrypt the connection.
- STARTTLS Upgrade a non-encrypted connection by wrapping it with SSL/TLS after or during the connection process. Uses the default port.
Validate server certificate: When using a secured connection, validates the certificate on the external server.
Client certificate: Client certificate to use for establishing a secure connection.
To manage client certificates, go to Certificates.
Base DN: Base distinguished name (DN) for the server. The Base DN is the starting point relative to the root of the directory tree, where users are specified. Must be specified as a distinguished name (DN) in LDAP syntax. For example, O=Example,OU=RnD.
Click Get base DN to retrieve the Base DN from the directory.
Authentication attribute: Authentication attribute for searching the LDAP directory. The user authentication attribute contains the sign-in name each user is prompted for, for example, by remote access services.
Display name attribute: Name for the server, which is displayed to the user as the server user name.
Email address attribute: Alias for the configured email address, which is displayed to the user.
Group name attribute: Alias for the configured group name, which is displayed to the user.
Expiry date attribute: Expiry date displayed to the user. The attribute specifies how long a user account is valid.