
Configure LDAP authentication

You can add existing LDAP users to the firewall. Adding the users to a dedicated group allows you to specify policies for these users. You add a group, add an LDAP server, and set the primary authentication method.

Objectives

When you complete this unit, you'll know how to do the following:

  • Add a group for LDAP users and specify policies.
  • Add and configure an LDAP server.
  • Set the primary authentication method so that the firewall queries the LDAP server first and assigns LDAP users to the dedicated group.

Add an LDAP group

Create a dedicated group for LDAP users and specify access policies.

  1. Go to Authentication > Groups and click Add.
  2. Specify the settings.

    Note

    For settings not listed here, use the default value.

    Setting          Value
    Group name       LDAP
    Surfing quota    Unlimited internet access
    Access time      Allowed all the time
  3. Click Save.

Add an LDAP server

Add an LDAP server that specifies a base DN.

You’ll need the following information to complete this task:

  • Authentication attribute
  • Group name attribute

  1. Go to Authentication > Servers and click Add.
  2. Specify the settings.

    Note

    For settings not listed here, use the default value.

    Setting                    Value
    Server type                LDAP server
    Server name                LDAP_Server
    Server IP/domain           192.168.1.101
    Connection security        SSL/TLS
    Base DN                    DC=sophos,DC=com
    Authentication attribute   UID
    Group name attribute       GID
    Expiry date attribute      Date

    Note

    For Group name attribute, we recommend you use the memberOf attribute.

  3. Click Test connection to validate the user credentials and check the connection to the server.
  4. Click Save.
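As an added illustration (not part of the Sophos documentation), the following Python script models the user lookup these settings imply: the search filter built from the authentication attribute, scoping to the base DN, and how group membership differs when it is read from memberOf rather than from a numeric GID. The directory entries, DNs and usernames are constructed sample data, and "GID" is taken to mean the RFC 2307 gidNumber attribute, which is an assumption.

```python
# Added example (not Sophos code): models the lookup the firewall performs with the
# settings above. Directory entries are constructed sample data, and "GID" is taken
# to mean the RFC 2307 gidNumber attribute (an assumption).

# Constructed sample directory: DN -> attributes (multi-valued, as in LDAP).
DIRECTORY = {
    "uid=jdoe,ou=people,dc=sophos,dc=com": {
        "uid": ["jdoe"], "gidNumber": ["1000"],
        "memberOf": ["cn=LDAP,ou=groups,dc=sophos,dc=com",
                     "cn=vpn,ou=groups,dc=sophos,dc=com"]},
    "uid=asmith,ou=people,dc=sophos,dc=com": {
        "uid": ["asmith"], "gidNumber": ["1000"], "memberOf": []},
    "cn=users,ou=groups,dc=sophos,dc=com": {
        "objectClass": ["posixGroup"], "cn": ["users"], "gidNumber": ["1000"]},
    "cn=LDAP,ou=groups,dc=sophos,dc=com": {"objectClass": ["groupOfNames"], "cn": ["LDAP"]},
}

def escape_filter_value(value: str) -> str:
    """Escape a username for use inside an LDAP search filter (RFC 4515)."""
    return "".join(f"\\{ord(c):02x}" if c in "\\*()\0" else c for c in value)

def build_user_filter(auth_attr: str, username: str) -> str:
    """The equality filter implied by 'Authentication attribute = UID'."""
    return f"({auth_attr}={escape_filter_value(username)})"

def find_user(base_dn: str, auth_attr: str, username: str):
    """Return the single (dn, attrs) under base_dn whose auth_attr equals username."""
    base = base_dn.lower()
    hits = [(dn, attrs) for dn, attrs in DIRECTORY.items()
            if dn.lower().endswith(base) and attrs.get(auth_attr) == [username]]
    return hits[0] if len(hits) == 1 else None

def resolve_groups(user_attrs: dict, group_attr: str) -> list:
    """Group names visible to the firewall for each Group name attribute choice."""
    if group_attr == "memberOf":
        # Membership is listed directly on the user entry: read the CN of each group DN.
        return [dn.split(",")[0].split("=")[1] for dn in user_attrs.get("memberOf", [])]
    # gidNumber names only the primary POSIX group and needs a second lookup.
    gid = user_attrs.get("gidNumber", [None])[0]
    return [a["cn"][0] for a in DIRECTORY.values()
            if "posixGroup" in a.get("objectClass", []) and a.get("gidNumber") == [gid]]

if __name__ == "__main__":
    dn, attrs = find_user("DC=sophos,DC=com", "uid", "jdoe")
    print(build_user_filter("uid", "jdoe"), "->", dn)
    print("memberOf :", resolve_groups(attrs, "memberOf"))
    print("gidNumber:", resolve_groups(attrs, "gidNumber"))
```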

Set primary authentication method

To query the LDAP server first, you set it as the primary authentication method. When users sign in to the firewall for the first time, they're automatically added as a member of the default group specified. In this case, you specify the LDAP group.

  1. Go to Authentication > Services.
  2. In the authentication server list, select LDAP_Server.
  3. Move the server to the first position in the list of selected servers.
  4. For the default group, select LDAP.

    LDAP server as primary authentication server.

  5. Click Apply.