Configure LDAP authentication

You can add existing LDAP users to the firewall. Adding the users to a dedicated group allows you to specify policies for these users. You add a group, add an LDAP server, and set the primary authentication method.

Objectives

To configure LDAP authentication, do as follows:

  • Add a group for LDAP users and specify policies.
  • Add and configure an LDAP server.
  • Set the primary authentication method so that the firewall queries the LDAP server first and assigns LDAP users to the dedicated group.

Add an LDAP group

Create a dedicated group for LDAP users and specify access policies.

  1. Go to Authentication > Groups and click Add.
  2. Specify the settings.

    Note

    For settings not listed here, use the default value.

    Option          Value
    Group name      LDAP
    Surfing quota   Unlimited internet access
    Access time     Allowed all the time
  3. Click Save.

Add an LDAP server

Add an LDAP server that specifies a base DN.

You must have the following information to complete this task:

  • Authentication attribute
  • Group name attribute

  1. Go to Authentication > Servers and click Add.
  2. Specify the settings.

    Note

    For settings not listed here, use the default value.

    Option                    Value
    Server type               LDAP server
    Server name               LDAP_Server
    Server IP/domain          192.168.1.101
    Connection security       SSL/TLS
    Base DN                   DC=sophos,DC=com
    Authentication attribute  UID
    Group name attribute      GID
    Expiry date attribute     Date
  3. Click Test connection to validate the user credentials and check the connection to the server.
  4. Click Save.
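The Base DN and authentication attribute above determine where the firewall searches and which attribute it matches against the sign-in name. The following is an added illustration, not Sophos Firewall code: it checks that a Base DN is well-formed before it is saved and builds the user-lookup filter that an LDAP client would send for those settings, escaping the username per RFC 4515 so that characters such as `(`, `)` and `*` in a sign-in name cannot change the meaning of the filter. The assumption that the lookup is a subtree search for `(<authentication attribute>=<username>)` returning the group attribute is an assumption of this example, not a statement from the page.

```python
"""Added example (not Sophos Firewall code): validate the Base DN and build an
injection-safe user lookup for the LDAP server settings shown above.

Assumed client behaviour (not stated on the page): the user is located by a
subtree search under the Base DN with filter (<auth attribute>=<username>),
and the group attribute is requested so the firewall can map group membership.
"""
import re

# Values taken from the settings table above.
BASE_DN = "DC=sophos,DC=com"
AUTH_ATTRIBUTE = "UID"
GROUP_ATTRIBUTE = "GID"

# RFC 4515: these characters must be hex-escaped inside a filter assertion value.
_FILTER_ESCAPES = {
    "\\": r"\5c",
    "*": r"\2a",
    "(": r"\28",
    ")": r"\29",
    "\0": r"\00",
}


def escape_filter_value(value: str) -> str:
    """Escape a username so it is matched literally inside a search filter."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def parse_dn(dn: str) -> list[tuple[str, str]]:
    """Split a simple DN such as DC=sophos,DC=com into (attribute, value) RDNs.

    Only unescaped commas are handled, which is enough for a typical Base DN.
    Raises ValueError on a malformed component so a typo is caught before use.
    """
    rdns = []
    for part in dn.split(","):
        if "=" not in part:
            raise ValueError(f"malformed RDN (missing '='): {part!r}")
        attr, value = (s.strip() for s in part.split("=", 1))
        if not re.fullmatch(r"[A-Za-z][A-Za-z0-9-]*", attr) or not value:
            raise ValueError(f"malformed RDN: {part!r}")
        rdns.append((attr, value))
    return rdns


def user_search(username: str,
                base_dn: str = BASE_DN,
                auth_attr: str = AUTH_ATTRIBUTE,
                group_attr: str = GROUP_ATTRIBUTE) -> dict:
    """Describe the LDAP search a client would issue for a signing-in user.

    Returns the base, scope, escaped filter and requested attributes; the
    Base DN is parsed first so a mistyped DN fails here rather than at bind.
    """
    parse_dn(base_dn)
    search_filter = f"({auth_attr}={escape_filter_value(username)})"
    return {
        "base": base_dn,
        "scope": "subtree",
        "filter": search_filter,
        "attributes": [auth_attr, group_attr],
    }


if __name__ == "__main__":
    # Constructed inputs: a normal name and one containing filter metacharacters.
    for name in ("alice", "alice)(UID=*"):
        print(user_search(name)["filter"])
```

Running the block prints `(UID=alice)` for the first name and a fully escaped filter for the second, showing that the metacharacters are matched as literal text rather than interpreted. A Base DN such as `DC=sophos,com` raises `ValueError` from `parse_dn`, which is the kind of typo that otherwise only surfaces when Test connection fails.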

Set the primary authentication method

To query the LDAP server first, set it as the primary authentication method. When users sign in to the firewall for the first time, they're automatically added to the default group you specify. In this case, you specify the LDAP group.

  1. Go to Authentication > Services.
  2. In the authentication server list, select LDAP_Server.
  3. Move the server to the first position in the list of selected servers.
  4. For the default group, select LDAP.

    LDAP server as primary authentication server

  5. Click Apply.