Operation: Add LDAP Server / Test LDAP Server / Edit LDAP Server
Description: Creates, edits or tests an LDAP Server. The appliance uses this configuration when a user must be authenticated against an LDAP Server.

Sample Configuration
<AuthenticationServer>
  <LDAPServer> <!-- For LDAP Server -->
    <ServerName>name</ServerName>
    <ServerAddress>ipaddress</ServerAddress>
    <Port>port</Port>
    <Version>2/3</Version>
    <AnonymousLogin>Enable/Disable</AnonymousLogin>
    <!-- Below two tags will be used when AnonymousLogin is "Disable" -->
    <Administrator>username</Administrator>
    <Password>password</Password>
    <ConnectionSecurity>Simple/SSL/STARTTLS</ConnectionSecurity>
    <BaseDN>baseDN</BaseDN>
    <AuthenticationAttribute>uid</AuthenticationAttribute>
    <IntegrationType>LooseIntegration/TightIntegration</IntegrationType>
    <!-- Only For Tight Integration -->
    <DisplayNameAttribute>Text</DisplayNameAttribute>
    <EmailAddressAttribute>Text</EmailAddressAttribute>
    <GroupNameAttribute>attribute</GroupNameAttribute>
    <ExpiryDateAttribute>attribute</ExpiryDateAttribute>
  </LDAPServer>
</AuthenticationServer>



Parameters (Parameter | Mandatory | Default | Description)

ServerType | Mandatory: No | Default: none
Select the server type from the available options: LDAP Server, Active Directory or RADIUS Server.
ServerType confines to:
  • Type is 'SCALAR'.
  • Only '2' is allowed.

ServerName | Mandatory: Yes | Default: none
Specify a name for the LDAP Server.
ServerName confines to:
  • Type is 'SCALAR'.
  • Datatype is 'STRING'.
  • Character not allowed: Comma (,)
  • Maximum characters allowed are 50.
  • UTF-8 character(s) are allowed.

ServerAddress | Mandatory: Yes | Default: none
Specify the IP Address of the LDAP Server.
ServerAddress confines to:
  • Type is 'SCALAR'.
  • Datatype is 'IPADDRESS', 'IPADDRESS6', 'DOMAIN'.
  • Maximum characters allowed are 255.
  • IP Class other than 'MULTICAST', 'RESERVED', 'LOCALHOST', 'UNSPECIFIED', 'BROADCAST', 'LINKLOCAL' is allowed.

AnonymousLogin | Mandatory: Yes | Default: Enable
Enable to log on to the LDAP Server as an anonymous user; no username and password are sent.
AnonymousLogin confines to:
  • Type is 'SCALAR'.
  • Only '1', '0' are allowed.

Version | Mandatory: Yes | Default: none
Select the LDAP Version from the available options: 2 or 3.
Version confines to:
  • Type is 'SCALAR'.
  • Only '2', '3' are allowed.

Administrator | Mandatory: Yes | Default: none
Specify the local administrator user name used to log on to the LDAP Server if 'Anonymous Login' is disabled.
Administrator confines to:
  • Type is 'SCALAR'.
  • Datatype is 'STRING'.
  • Maximum characters allowed are 100.

Password | Mandatory: No | Default: none
Specify the Password used to log on to the LDAP Server if 'Anonymous Login' is disabled.
Password confines to:
  • Type is 'SCALAR'.
  • Datatype is 'STRING'.
  • Maximum characters allowed are 50.

ConnectionSecurity | Mandatory: Yes | Default: none
Select the type of security used to send the user credentials in encrypted form.
ConnectionSecurity confines to:
  • Type is 'SCALAR'.
  • Only '1', '2', '3' are allowed.

Validate Server Certificate | Mandatory: No | Default: none
Select to validate the certificate of the LDAP Server.
Validate Server Certificate confines to:
  • Type is 'SCALAR'.
  • Only 'y', 'n' are allowed.

Client Certificate | Mandatory: No | Default: none
Select a Client Certificate for the secured connection.
Client Certificate confines to:
  • Type is 'SCALAR'.
  • Datatype is 'STRING'.

BaseDN | Mandatory: Yes | Default: none
Specify the base distinguished name (DN) used as the starting point for searching users in the directory service.
BaseDN confines to:
  • Type is 'SCALAR'.
  • Datatype is 'STRING'.

AuthenticationAttribute | Mandatory: Yes | Default: none
Specify the authentication attribute used for the user search.
AuthenticationAttribute confines to:
  • Type is 'SCALAR'.
  • Datatype is 'STRING'.
  • Maximum characters allowed are 100.

IntegrationType | Mandatory: No | Default: none
Select the integration type used to set user group membership from the available options: Loose Integration or Tight Integration.
IntegrationType confines to:
  • Type is 'SCALAR'.
  • Only '1' is allowed.

DisplayNameAttribute | Mandatory: No | Default: none
Specify the name to be displayed to the user for the configured LDAP Server.
DisplayNameAttribute confines to:
  • Type is 'SCALAR'.
  • Datatype is 'STRING'.
  • Maximum characters allowed are 30.

EmailAddressAttribute | Mandatory: No | Default: mail
Specify the name to be displayed to the user for the configured Email Address.
EmailAddressAttribute confines to:
  • Type is 'SCALAR'.
  • Datatype is 'STRING'.
  • Maximum characters allowed are 30.

GroupNameAttribute | Mandatory: Yes | Default: none
Specify the name to be displayed to the user for the configured Group Name.
GroupNameAttribute confines to:
  • Type is 'SCALAR'.
  • Datatype is 'STRING'.
  • Maximum characters allowed are 50.

ExpiryDateAttribute | Mandatory: Yes | Default: none
Specify the attribute to be displayed to the user for the configured Expiry Date.
ExpiryDateAttribute confines to:
  • Type is 'SCALAR'.
  • Datatype is 'STRING'.
  • Maximum characters allowed are 50.

BaseDN | Mandatory: No | Default: none
Specify the base distinguished name (Base DN) of the directory service, or click 'Get Base DN' to retrieve it.
BaseDN confines to:
  • Type is 'SCALAR'.
  • Datatype is 'STRING'.

Port | Mandatory: Yes | Default: 389
Specify the port through which the Server communicates.
Port confines to:
  • Type is 'SCALAR'.
  • Datatype is 'INTEGER'.
  • Allowed port range: 1 to 65535
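As an added example (not part of the Sophos documentation or the appliance's own code), the following Python builds the LDAPServer request in the shape of the sample configuration and lints it against the constraints listed above; the sample values are constructed, element values follow the sample configuration (Enable/Disable, Simple/SSL/STARTTLS), and flagging a 'Simple' bind with a non-anonymous login as a credential-exposure risk is the example's own check.

```python
import xml.etree.ElementTree as ET
# Constructed sample request; values are illustrative, not from any real appliance.
SAMPLE = {
    "ServerName": "corp-ldap", "ServerAddress": "10.0.0.5", "Port": "389", "Version": "3",
    "AnonymousLogin": "Disable", "Administrator": "svc-firewall-bind", "Password": "s3cret",
    "ConnectionSecurity": "Simple", "BaseDN": "dc=example,dc=com",
    "AuthenticationAttribute": "uid", "IntegrationType": "TightIntegration",
    "DisplayNameAttribute": "cn", "EmailAddressAttribute": "mail",
    "GroupNameAttribute": "memberOf", "ExpiryDateAttribute": "shadowExpire",
}
# Same request with the bind protected by STARTTLS.
HARDENED = {**SAMPLE, "ConnectionSecurity": "STARTTLS"}
# Attributes the page marks "Only For Tight Integration".
TIGHT_ONLY = ("DisplayNameAttribute", "EmailAddressAttribute",
              "GroupNameAttribute", "ExpiryDateAttribute")

def build_ldap_xml(params):
    """Serialize the request in the element order the sample configuration uses."""
    root = ET.Element("AuthenticationServer")
    ldap = ET.SubElement(root, "LDAPServer")
    for tag, value in params.items():
        ET.SubElement(ldap, tag).text = value
    return ET.tostring(root, encoding="unicode")

def lint_ldap_config(params):
    """Return documented-constraint violations plus credential-exposure risks."""
    findings = []
    name = params.get("ServerName", "")
    if not name or len(name) > 50 or "," in name:
        findings.append("ServerName: required, max 50 chars, comma not allowed")
    if params.get("Version") not in ("2", "3"):
        findings.append("Version: must be 2 or 3")
    port = params.get("Port", "")
    if not port.isdigit() or not 1 <= int(port) <= 65535:
        findings.append("Port: integer in 1..65535 required")
    sec = params.get("ConnectionSecurity")
    if sec not in ("Simple", "SSL", "STARTTLS"):
        findings.append("ConnectionSecurity: must be Simple, SSL or STARTTLS")
    if not params.get("BaseDN"):
        findings.append("BaseDN: required")
    if params.get("AnonymousLogin") == "Disable":
        if not 0 < len(params.get("Administrator", "")) <= 100:
            findings.append("Administrator: required (max 100 chars) when AnonymousLogin is Disable")
        if len(params.get("Password", "")) > 50:
            findings.append("Password: max 50 chars")
        if sec == "Simple":  # a simple bind sends the password without transport protection
            findings.append("RISK: ConnectionSecurity=Simple exposes bind credentials; use SSL or STARTTLS")
    if params.get("IntegrationType") == "TightIntegration":
        findings += [f"{t}: required for TightIntegration" for t in TIGHT_ONLY if not params.get(t)]
    return findings
```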



Operation | Status | Message
Add LDAP Server | 200 |
Add LDAP Server | 500 |
Add LDAP Server | 502 |
Add LDAP Server | 503 |
Test LDAP Server | 200 |
Test LDAP Server | 500 |
Test LDAP Server | 541 |
Test LDAP Server | 542 |
Test LDAP Server | 543 |
Edit LDAP Server | 200 |
Edit LDAP Server | 500 |
Edit LDAP Server | 503 |


© Copyright 2019 Sophos Firewall Limited. All rights reserved.
Sophos Firewall is a registered trademark of Sophos Firewall Limited and Sophos Firewall Group. All other product and company names mentioned are trademarks or registered trademarks of their respective owners.
No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical, photocopying, recording or otherwise unless you are either a valid licensee where the documentation can be reproduced in accordance with the license terms or you otherwise have the prior permission in writing of the copyright owner.