Add an LDAP server

To add an LDAP server, do as follows:

  1. Go to Authentication > Servers.
  2. Click Add.
  3. Select LDAP server as the Server type.
  4. Configure the server settings:

    • Server name: The name of the LDAP server.
    • Server IP/domain: The IP address or domain name of the LDAP server.
    • Version: LDAP version. Select 2 or 3.

      Restriction

      Google LDAP only supports version 3.

    • Connection security: Connection security for the server. We recommend using encryption. Select from the following options:

      • Plaintext: Send user credentials as unencrypted plain text.

        Restriction

        Google LDAP doesn't support plaintext.

      • SSL/TLS: Use Secure Sockets Layer/Transport Layer Security to encrypt the connection.

      • STARTTLS: Upgrade a non-encrypted connection by wrapping it with SSL/TLS after or during the connection process. Uses the default port.
    • Port: You can specify a custom port to use for LDAP or keep the default setting.

    • Anonymous login: Allow anonymous requests to the LDAP server. Turn this off and specify a user name and password to bind the user with the server.

      Restriction

      You can't use Anonymous login for Google LDAP.

    • Bind DN: Username for the server. It must be specified as a distinguished name (DN) in LDAP syntax. For example, uid=root,cn=user.

    • Password: Password for the server.
    • Append base DN: Use the base DN during the bind operation.

      Note

      You must turn off Append base DN when using Google LDAP.

    • (Optional) Validate server certificate: When using a secured connection, validates the certificate on the external server.

    • (Optional) Client certificate: Client certificate to use for establishing a secure connection. To manage client certificates, go to Certificates.

      Note

      You must use the certificate generated from Google when using Google LDAP.

    • Base DN: Base distinguished name (DN) for the server. The Base DN is the starting point relative to the root of the directory tree, where users are specified. It must be specified as a distinguished name (DN) in LDAP syntax. For example, O=Example,OU=RnD. To retrieve the Base DN from the directory, click Get base DN.

    • Authentication attribute: Authentication attribute for searching the LDAP directory. The user authentication attribute contains the sign-in name each user is prompted for, for example, by remote access services.
    • (Optional) Display name attribute: Name for the server, which is displayed to the user as the server user name.
    • (Optional) Email address attribute: Alias for the configured email address, which is displayed to the user.

      Note

      Email address attribute is mandatory for Google LDAP group creation.

    • Group name attribute: Alias for the configured group name, which is displayed to the user.

    • Expiry date attribute: Expiry date displayed to the user. The attribute specifies how long a user account is valid.
  5. Click Test connection to validate the user credentials and check the connection to the server.

  6. Click Save to save your changes.
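
A preflight check for the settings above, as an added example that is not Sophos code: it checks that Bind DN and Base DN are in DN syntax, flags plaintext or unvalidated connections, and applies the Google LDAP restrictions on version, Append base DN and client certificate. The dictionary keys are hypothetical names that mirror the form fields, not a Sophos API.

```python
import re

# Attribute type: short name (uid, cn, OU) or dotted numeric OID.
_ATTR = re.compile(r"[A-Za-z][A-Za-z0-9-]*|\d+(\.\d+)*")

def split_unescaped(text, sep):
    """Split on sep, skipping separators escaped with a backslash."""
    parts, buf, i = [], "", 0
    while i < len(text):
        step = 2 if text[i] == "\\" and i + 1 < len(text) else 1
        if step == 1 and text[i] == sep:
            parts.append(buf)
            buf = ""
        else:
            buf += text[i:i + step]   # an escape pair stays together
        i += step
    return parts + [buf]

def is_valid_dn(dn):
    """Lenient syntax check (not a full RFC 4514 parser): every RDN is attr=value."""
    for rdn in split_unescaped(dn, ","):
        for ava in split_unescaped(rdn, "+"):      # multi-valued RDN
            attr, eq, value = ava.partition("=")
            if not (eq and _ATTR.fullmatch(attr.strip()) and value.strip()):
                return False
    return True

def preflight(cfg):
    """Return findings for a dict whose (hypothetical) keys mirror the form fields."""
    out, sec = [], cfg.get("connection_security")
    if sec == "plaintext":
        out.append("plaintext: bind credentials are sent unencrypted")
    elif not cfg.get("validate_server_certificate"):
        out.append("server certificate not validated: server identity is unverified")
    if cfg.get("anonymous_login"):
        out.append("anonymous login is on: no bind DN or password is used")
    elif not is_valid_dn(cfg.get("bind_dn", "")):
        out.append("bind DN is not in DN syntax")
    if not is_valid_dn(cfg.get("base_dn", "")):
        out.append("base DN is not in DN syntax")
    if cfg.get("google_ldap"):                      # restrictions listed on this page
        if cfg.get("version") != 3:
            out.append("Google LDAP: version must be 3")
        if cfg.get("append_base_dn"):
            out.append("Google LDAP: turn off Append base DN")
        if not cfg.get("client_certificate"):
            out.append("Google LDAP: client certificate from Google is required")
    return out
```

An empty list from `preflight` means none of these checks fired; it does not replace Test connection, which exercises the real bind.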