Configure LDAP authentication
You can add existing LDAP users to the firewall. Adding the users to a dedicated group lets you specify policies for these users as a set. You add a group, add an LDAP server, and set the primary authentication method.
Objectives
When you complete this unit, you'll know how to do the following:
- Add a group for LDAP users and specify policies.
- Add and configure an LDAP server.
- Set the primary authentication method so that the firewall queries the LDAP server first and assigns LDAP users to the dedicated group.
Add an LDAP group
Create a dedicated group for LDAP users and specify access policies.
- Go to Authentication > Groups and click Add.
- Specify the settings.
Note
For settings not listed here, use the default value.
Setting          Value
Group name       LDAP
Surfing quota    Unlimited internet access
Access time      Allowed all the time
- Click Save.
Add an LDAP server
Add an LDAP server that specifies a base DN.
You'll need the following information to complete this task:
- Authentication attribute
- Group name attribute
- Go to Authentication > Servers and click Add.
- Specify the settings.
Note
For settings not listed here, use the default value.
Setting                   Value
Server type               LDAP server
Server name               LDAP_Server
Server IP/domain          192.168.1.101
Connection security       SSL/TLS
Base DN                   DC=sophos,DC=com
Authentication attribute  UID
Group name attribute      GID (we recommend that you use the memberOf attribute)
Expiry date attribute     Date
Keep the connection security set to SSL/TLS. Over an unencrypted connection, the bind credentials and every user password the firewall verifies cross the network in clear.
- Click Test connection to validate the user credentials and check the connection to the server.
- Click Save.
Set primary authentication method
To query the LDAP server first, set it as the primary authentication method. When users sign in to the firewall for the first time, they're automatically added as members of the default group you specify. In this case, specify the LDAP group.
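The following is an added example, not Sophos code and not taken from this page. It models offline what a firewall does with the server settings above (base DN, authentication attribute, group name attribute, connection security) and with the default-group rule from this section: it builds the search filter for a login name with RFC 4515 escaping, picks a firewall group from the user's directory groups, and flags settings a reviewer would question. The matching rule, the setting names, and the sample directory entry are assumptions.

```python
# Added example: offline checks on the LDAP settings from this page.
# Not Sophos code; it does not contact a directory. The group-matching rule,
# the connection-security names and the sample entry below are assumptions.
from dataclasses import dataclass
from typing import Optional


@dataclass
class LdapServerSettings:
    server: str = "192.168.1.101"
    connection_security: str = "SSL/TLS"   # assumed values: "SSL/TLS" or "Plaintext"
    base_dn: str = "DC=sophos,DC=com"
    auth_attribute: str = "uid"
    group_attribute: str = "memberOf"


def port_for(settings: LdapServerSettings) -> int:
    """Standard ports: 636 for LDAP over TLS (LDAPS), 389 for plaintext."""
    return 636 if settings.connection_security == "SSL/TLS" else 389


def security_warnings(settings: LdapServerSettings) -> list[str]:
    """Settings a reviewer would flag before saving the server."""
    warnings = []
    if settings.connection_security == "Plaintext":
        warnings.append("bind credentials and user passwords cross the network unencrypted")
    if settings.group_attribute.lower() != "memberof":
        warnings.append(
            f"group attribute {settings.group_attribute!r} does not hold group names; "
            "users will fall through to the default group"
        )
    return warnings


def escape_filter_value(value: str) -> str:
    """Escape a login name for use in an LDAP search filter (RFC 4515).
    Without this, a name like 'a*)(uid=*' rewrites the filter itself."""
    special = {"*": r"\2a", "(": r"\28", ")": r"\29", "\\": r"\5c", "\x00": r"\00"}
    return "".join(special.get(ch, ch) for ch in value)


def user_search_filter(settings: LdapServerSettings, username: str) -> str:
    """Filter the firewall would search for under base_dn to find the user."""
    return f"({settings.auth_attribute}={escape_filter_value(username)})"


def rdn_value(dn: str, attr: str = "CN") -> Optional[str]:
    """Value of the first RDN of type `attr` in a DN.
    Simple splitter: assumes no escaped commas, as in the DNs on this page."""
    for rdn in dn.split(","):
        if "=" in rdn:
            key, value = rdn.split("=", 1)
            if key.strip().lower() == attr.lower():
                return value.strip()
    return None


def firewall_group_for(entry: dict, settings: LdapServerSettings,
                       firewall_groups: list[str], default_group: str) -> str:
    """Assumed rule: each value of the group attribute becomes a group name
    (the CN of a memberOf DN, the raw value otherwise) and is matched
    case-insensitively against existing firewall groups; no match -> default."""
    wanted = {g.lower(): g for g in firewall_groups}
    for value in entry.get(settings.group_attribute, []):
        name = rdn_value(value) if settings.group_attribute.lower() == "memberof" else value
        if name and name.lower() in wanted:
            return wanted[name.lower()]
    return default_group


# Constructed sample entry, shaped like what a directory returns for uid=jdoe.
SAMPLE_ENTRY = {
    "dn": "uid=jdoe,ou=people,dc=sophos,dc=com",
    "uid": ["jdoe"],
    "gidNumber": ["1001"],
    "memberOf": ["CN=LDAP,OU=Groups,DC=sophos,DC=com"],
}

if __name__ == "__main__":
    page_settings = LdapServerSettings()
    print(user_search_filter(page_settings, "jdoe"))
    print(user_search_filter(page_settings, "a*)(uid=*"))
    print(firewall_group_for(SAMPLE_ENTRY, page_settings, ["LDAP"], "Default"))
    gid_settings = LdapServerSettings(group_attribute="gidNumber")
    print(firewall_group_for(SAMPLE_ENTRY, gid_settings, ["LDAP"], "Default"))
    print(security_warnings(LdapServerSettings(connection_security="Plaintext")))
```

Running it shows why memberOf is the recommended group name attribute: its values are group DNs whose CN matches the firewall group named LDAP, whereas a numeric GID never matches a firewall group name and the user lands in the default group. The escaping function is the check to keep in mind whenever a login name is interpolated into a filter.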