Add LDAP Server

This page describes how to add an LDAP server.

  1. Go to Device Configuration > Configure > Authentication > Authentication Server and click Add.
  2. Select the server type LDAP Server.
  3. Enter values for the following settings:
    Server Name
    Enter a descriptive name for the LDAP server.
    Server IP/Domain
    Enter an IP address or domain for the LDAP server.
    Port
    Enter the port of the LDAP server. By default, this is port 389.
    Version
    Select the version of the LDAP server.
    Anonymous Login
    Enable to send anonymous requests to the LDAP server. Disable to bind to the server as a specified user.
    Username
    (not with Anonymous Login)
    Enter a name for the bind user.
    Password
    (not with Anonymous Login)
    Enter a password for the bind user.
    Connection Security
    Select the connection security for the LDAP server:
    • Simple: User credentials are sent unencrypted, that is, in clear text.
    • SSL: Secure Sockets Layer. This is the most common method used for a secured connection. The port then changes from 389 (LDAP) to 636 (LDAPS, LDAP over SSL).
    • TLS: Transport Layer Security. Same secured connection as SSL, but it uses the default port (389).
    Validate Server Certificate
    (not with Simple Connection Security)
    Enable to validate the certificate on the external server.
    Client Certificate
    Select a client certificate from the list to establish a secured connection. If you do not want a client certificate, select None.
    Note You can manage client certificates under Objects > Identity > Certificate.
    Base DN
    Enter the Base DN for the LDAP server. The Base DN is the starting point, relative to the root of the LDAP tree, under which the users to be authenticated are located. Note that the Base DN must be specified as a Fully Distinguished Name (FDN) in LDAP notation, using commas as delimiters (e.g., O=Example,OU=RnD).
    Get Base DN
    Click Get Base DN if you do not know the Base DN. The Base DN is then retrieved automatically from the directory.
    Authentication Attribute
    Enter an authentication attribute for searching the LDAP directory. The user authentication attribute contains the actual sign-in name each user is prompted for, for example by remote access services.
    Display Name Attribute
    Enter the attribute whose value is displayed as the LDAP username.
    Email Address Attribute
    Enter the attribute that holds the email address displayed for the user.
    Group Name Attribute
    Enter the attribute that holds the group name displayed for the user.
    Expire Date Attribute
    Enter the attribute that holds the account expiry date displayed for the user. This attribute specifies how long a user account is valid.
    Figure: Add External Server
  4. Click Test Connection to check the connectivity between the LDAP server and Sophos XG Firewall. It also validates the LDAP bind user credentials.
  5. Click Save.
The LDAP server is now available and appears in the Authentication Server list.
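The following Python script is an added example for this page, not Sophos code. It performs offline pre-flight checks on the settings described in step 3: it parses the Base DN in LDAP (RFC 4514) notation, maps each Connection Security option to the port and transport the page describes, and flags combinations that leave credentials or the server identity unprotected (Simple security sending clear-text credentials, Validate Server Certificate disabled, a port that does not match the chosen security). The field names used as dictionary keys, the finding codes, and the sample entry are constructed for the example; the reading of the TLS option as an in-band TLS upgrade on port 389 is an interpretation of "uses the default port", not a statement from the page.

```python
"""Offline pre-flight checks for an LDAP Authentication Server entry.

Added example for this documentation page; it is not Sophos code.
Field names (base_dn, connection_security, ...) follow the page's labels
but are constructed here for illustration.
"""
from __future__ import annotations

HEX = "0123456789abcdefABCDEF"


def parse_dn(dn: str) -> list[tuple[str, str]]:
    """Split 'O=Example,OU=RnD' into [('O', 'Example'), ('OU', 'RnD')].

    Commas delimit RDNs. A backslash escapes the next character or an
    ASCII two-digit hex pair (RFC 4514), so 'Smith\\, John' stays one value.
    Multi-valued RDNs joined with '+' are kept as a single value.
    Raises ValueError for a trailing backslash, an empty RDN, or an RDN
    without 'attribute=value'.
    """
    rdns: list[str] = []
    buf: list[str] = []
    i = 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\":
            if i + 1 >= len(dn):
                raise ValueError("trailing backslash in DN")
            if i + 2 < len(dn) and dn[i + 1] in HEX and dn[i + 2] in HEX:
                buf.append(chr(int(dn[i + 1:i + 3], 16)))  # \2C -> ','
                i += 3
            else:
                buf.append(dn[i + 1])  # \, \+ \" \\ etc.
                i += 2
            continue
        if ch == ",":
            rdns.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
        i += 1
    rdns.append("".join(buf))

    parsed: list[tuple[str, str]] = []
    for rdn in rdns:
        attr, sep, value = rdn.partition("=")
        attr, value = attr.strip(), value.strip()
        if not sep or not attr or not value:
            raise ValueError(f"malformed RDN {rdn!r}: expected attribute=value")
        parsed.append((attr, value))
    return parsed


def is_valid_dn(dn: str) -> bool:
    """True if the Base DN parses as LDAP notation with comma delimiters."""
    try:
        parse_dn(dn)
        return True
    except ValueError:
        return False


# Port and transport implied by each Connection Security option on the page.
# "TLS" keeps port 389; I read that as the TLS upgrade being negotiated on
# the plain port (StartTLS). That reading is an assumption of this example.
CONNECTION_SECURITY = {
    "Simple": {"scheme": "ldap", "port": 389, "encrypted": False},
    "SSL": {"scheme": "ldaps", "port": 636, "encrypted": True},
    "TLS": {"scheme": "ldap", "port": 389, "encrypted": True},
}


def review_settings(s: dict) -> list[tuple[str, str]]:
    """Return (code, message) findings for one Authentication Server entry.

    Expected keys: base_dn, connection_security, port, anonymous_login,
    validate_server_certificate. Codes are constructed for this example.
    """
    findings: list[tuple[str, str]] = []
    if not is_valid_dn(s["base_dn"]):
        findings.append(("BASE_DN_INVALID",
                         f"Base DN {s['base_dn']!r} is not valid LDAP notation"))
    sec = CONNECTION_SECURITY[s["connection_security"]]
    if not sec["encrypted"]:
        # Simple: every authenticating user's password, and the bind user's
        # password unless Anonymous Login is enabled, crosses the wire in clear text.
        findings.append(("CLEARTEXT_CREDENTIALS",
                         "Simple connection security sends user credentials in clear text"))
    if sec["encrypted"] and not s["validate_server_certificate"]:
        findings.append(("CERT_NOT_VALIDATED",
                         "server certificate is not validated; a spoofed directory would be accepted"))
    if s["port"] != sec["port"]:
        findings.append(("PORT_MISMATCH",
                         f"{s['connection_security']} normally uses port {sec['port']}, not {s['port']}"))
    return findings


if __name__ == "__main__":
    # Constructed sample entry; the values are illustrative only.
    example = {
        "server_name": "corp-ldap",
        "base_dn": "O=Example,OU=RnD",
        "connection_security": "Simple",
        "port": 389,
        "anonymous_login": False,
        "validate_server_certificate": False,
    }
    for code, msg in review_settings(example):
        print(f"{code}: {msg}")
```

Run the review before clicking Test Connection: an entry with SSL selected but the port left at 389, or with Validate Server Certificate disabled, is reported as a finding rather than discovered as a failed or silently downgraded connection later.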