Skip to content

LDAP server

Lightweight Directory Access Protocol is a networking protocol for querying and modifying directory services based on the X.500 standard.

The firewall uses the LDAP protocol to authenticate users for several services, allowing or denying access based on attributes or group memberships. The firewall also supports LDAPS/SLDAP (LDAP Secure or Secure LDAP) over Secure Sockets Layer (SSL) or Transport Layer Security (TLS).

General settings

Server IP/domain: Server IP address or domain.

Port: Server port.

Version: LDAP version.

Anonymous login: Allow anonymous requests to the LDAP server. Turn off and specify a username and password to bind the user with the server.

Username: Username for the server. Must be specified as a distinguished name (DN) in LDAP syntax. For example, uid=root,cn=user.

Password: Password for the server.

Connection security: Connection security for the server.

Note

We recommend you use encryption. Select one of the following: - Plaintext: Send user credentials as unencrypted plain text. - SSL/TLS: Use Secure Sockets Layer/Transport Layer Security to encrypt the connection. - STARTTLS: Upgrade a non-encrypted connection by wrapping it with SSL/TLS after or during the connection process. Uses the default port.

Validate server certificate: Validates the certificate on the external server for a secured connection.

Client certificate: Client certificate to use for establishing a secure connection.

Note

To manage client certificates, go to Certificates.

Base DN: Base distinguished name (DN) for the server. The Base DN is the starting point relative to the root of the directory tree, where users are specified. Must be specified as a distinguished name (DN) in LDAP syntax. For example, O=Example,OU=RnD.

Tip

Click Get base DN to retrieve the Base DN from the directory.

Authentication attribute: Authentication attribute for searching the LDAP directory. The user authentication attribute contains the sign-in name each user is prompted for, for example, by remote access services.

Display name attribute: Name for the server shown to the user as the server username.

Email address attribute: Alias for the configured email address shown to the user.

Group name attribute: Alias for the configured group name shown to the user.

Expiry date attribute: Expiry date shown to the user. The attribute specifies how long a user account is valid.

More resources