Add eDirectory Server

This page describes how to add an eDirectory server.

  1. Go to Device Configuration > Configure > Authentication > Authentication Server and click Add.
  2. Select the server type eDirectory.
  3. Enter values for the following settings:
    Server Name
    Enter a descriptive name for the eDirectory server.
    Server IP/Domain
    Enter an IP address or domain for the eDirectory server.
    Port
    Enter the port of the eDirectory server. By default, this is port 389.
    Connection Security
    Select the connection security for the eDirectory server:
    • Simple: User credentials are sent unencrypted, that is, as clear text.
    • SSL: Secure Sockets Layer. This is the most common method used for secured connections. The Port then changes from 389 (LDAP) to 636 (ldaps = LDAP over SSL).
    • TLS: Transport Layer Security. Same secure connection as SSL but uses the default port.
    Validate Server Certificate
    (not with Simple)
    Enable to validate the certificate on the external server.
    Client Certificate
    Select a client certificate from the list to establish a secured connection. If you do not want a client certificate, select None.
    Note: You can manage client certificates under Objects > Identity > Certificate.
    Base DN
    Enter the Base DN for the eDirectory server. The Base DN is the starting point, relative to the root of the eDirectory tree, under which the users to be authenticated are located. Note that the Base DN must be specified as the Fully Distinguished Name (FDN) in LDAP notation, using commas as delimiters (e.g., O=Example,OU=RnD).
    Get Base DN
    Click Get Base DN if you do not know the Base DN. The Base DN is automatically retrieved from the directory.
    Figure: Add External Server
  4. Click Test Connection to check the connectivity between the eDirectory server and the Sophos XG Firewall. It also validates eDirectory server user credentials.
  5. Click Save.
The eDirectory server is now available and appears in the Authentication Server list.
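
As an added example (not part of the Sophos documentation or product code), the following Python check reviews the settings from step 3 before they are saved: it flags clear-text binds, disabled certificate validation, a port that does not match the selected connection security, and a Base DN that is not in comma-delimited LDAP notation. The dictionary keys and sample values are assumptions made for illustration, and the dot-notation test is a heuristic.

```python
import re

# Hypothetical field names mirroring the form labels; ports are those named on this page.
STANDARD_PORT = {"Simple": 389, "SSL": 636, "TLS": 389}
RDN = re.compile(r"^\s*[A-Za-z][A-Za-z0-9-]*\s*=\s*\S.*$")
DOT_NOTATION = re.compile(r"\.\s*[A-Za-z][A-Za-z0-9-]*=")


def check_base_dn(dn):
    """Return problems with a Base DN that should be in LDAP comma notation."""
    if not dn.strip():
        return ["Base DN is empty"]
    problems = []
    if DOT_NOTATION.search(dn):
        problems.append("Base DN looks dot-delimited; use commas")
    # Split only on commas that are not backslash-escaped inside a value.
    for part in re.split(r"(?<!\\),", dn):
        if not RDN.match(part):
            problems.append(f"component {part.strip()!r} is not attribute=value")
    return problems


def audit_server(cfg):
    """Return a list of findings for one authentication-server entry."""
    mode = cfg["connection_security"]
    if mode not in STANDARD_PORT:
        return [f"unknown connection security {mode!r}"]
    findings = []
    if mode == "Simple":
        findings.append("Simple: user credentials cross the network in clear text")
    elif not cfg.get("validate_server_certificate", False):
        findings.append(f"{mode}: server certificate is not validated")
    if cfg["port"] != STANDARD_PORT[mode]:
        findings.append(f"{mode}: port {cfg['port']} is not the usual {STANDARD_PORT[mode]}")
    findings.extend(check_base_dn(cfg.get("base_dn", "")))
    return findings


# Constructed sample entries, not taken from a real device.
WEAK = {"connection_security": "Simple", "port": 389, "base_dn": "ou=RnD.o=Example"}
HARDENED = {"connection_security": "TLS", "port": 389,
            "validate_server_certificate": True, "base_dn": "O=Example,OU=RnD"}

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit_server(cfg) or "no findings")
```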