Group Configuration For Ldap Authentication Domains - SonicWALL SSL-VPN 2000 Administrator's Manual

Secure remote access appliance

SonicWALL SSL VPN 4.0 Administrator's Guide, Users > Local Groups

- Optionally select Automatically log in and select Use SSL VPN account credentials
  to forward credentials from the current SSL VPN session for login to the RDP server.
  Select Use custom credentials to enter a custom username, password, and domain
  for this bookmark. For more information about custom credentials, see
  "Creating Bookmarks with Custom SSO Credentials" section on page 223.

Citrix Portal (Citrix)
- Optionally select HTTPS Mode to use HTTPS to securely access the Citrix Portal.
- Optionally, select Always use Java in Internet Explorer to use Java to access the
  Citrix Portal when using Internet Explorer. Without this setting, a Citrix ICA client or
  XenApp plugin (an ActiveX client) must be used with IE. This setting lets users avoid
  installing a Citrix ICA client or XenApp plugin specifically for IE browsers. Java is used
  with Citrix by default on other browsers and also works with IE. Enabling this checkbox
  leverages this portability.

Step 6  Click Add to update the configuration. Once the configuration has been updated, the new group
bookmark will display in the Edit Group Settings window.

Group Configuration for LDAP Authentication Domains

Note: The Microsoft Active Directory database uses an LDAP organization schema. The Active
Directory database may be queried using Kerberos authentication (the standard
authentication type; this is labeled "Active Directory" domain authentication in the
SonicWALL SSL VPN management interface), NTLM authentication (labeled NT Domain
authentication in the SonicWALL SSL VPN management interface), or using LDAP database
queries. An LDAP domain configured in the SonicWALL SSL VPN management interface
can authenticate to an Active Directory server.

LDAP (Lightweight Directory Access Protocol) is a standard for querying and updating a
directory. Since LDAP supports a multilevel hierarchy (for example, groups or organizational
units), the SonicWALL SSL-VPN appliance can query this information and provide specific
group policies or bookmarks based on LDAP attributes. By configuring LDAP attributes, the
SonicWALL SSL-VPN appliance administrator can leverage the groups that have already been
configured in an LDAP or Active Directory database, rather than needing to manually recreate
the same groups in the SonicWALL SSL-VPN appliance.

Once an LDAP authentication domain is created, a default LDAP group will be created with the
same name as the LDAP domain name. Although additional groups may be added or deleted
from this domain, the default LDAP group may not be deleted. If the user for whom you created
LDAP attributes enters the Virtual Office home page, the bookmark you created for the group
the user is in will display in the Bookmarks Table.

For an LDAP group, you may define LDAP attributes. For example, you can specify that users
in an LDAP group must be members of a certain group or organizational unit defined on the
LDAP server. Or you can specify a unique LDAP distinguished name.

To add an LDAP attribute for a group so that a user will have a bookmark assigned when
entering the Virtual Office environment, perform the following steps:

Step 1  Navigate to the Portals > Domains page and click Add Domain to display the Add New
Domain dialog box.
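
Before an LDAP attribute is tied to a group's bookmarks or policies as described above, it helps to preview which directory users the attribute would select. The following Python is an added example, not code from the SonicWALL guide or appliance; the attribute=value rule syntax, the matching semantics, and the directory entries are constructed assumptions.

```python
# Added example (not SonicWALL code): preview which users an LDAP group
# attribute would select. Rule syntax and matching semantics are assumptions.

def norm_rdn(rdn):
    """Lower-case one RDN and collapse whitespace so RDNs compare reliably."""
    attr, _, value = rdn.partition("=")
    return f"{attr.strip().lower()}={' '.join(value.split()).lower()}"

def split_dn(dn):
    """Split a DN into normalized RDNs, honouring backslash-escaped commas."""
    parts, cur, escaped = [], [], False
    for ch in dn:
        if escaped or ch != ",":
            cur.append(ch)
            escaped = (ch == "\\") and not escaped
        else:
            parts.append("".join(cur))
            cur = []
    parts.append("".join(cur))
    return [norm_rdn(p) for p in parts if p.strip()]

def matches(entry, rule):
    """True if a directory entry satisfies an 'attribute=value' rule."""
    attr, _, value = rule.partition("=")
    attr = attr.strip().lower()
    if attr == "ou":                    # organizational unit anywhere in the user's DN
        return norm_rdn(rule) in split_dn(entry["dn"])
    if attr == "distinguishedname":     # one unique distinguished name
        return split_dn(value) == split_dn(entry["dn"])
    if attr == "memberof":              # group listed on the user's entry
        return split_dn(value) in [split_dn(g) for g in entry.get("memberof", [])]
    return value.strip().lower() in [v.lower() for v in entry.get(attr, [])]

def preview(entries, rule):
    """Return the DNs of all entries the rule would select."""
    return [e["dn"] for e in entries if matches(e, rule)]

# Constructed directory entries (example.com is a placeholder domain).
ENTRIES = [
    {"dn": "CN=Alice Ng,OU=Sales,DC=example,DC=com",
     "memberof": ["CN=VPN-Sales,OU=Groups,DC=example,DC=com"]},
    {"dn": "CN=Bob Roy,OU=Contractors,OU=Sales,DC=example,DC=com", "memberof": []},
    {"dn": "CN=Smith\\, Carol,OU=Engineering,DC=example,DC=com",
     "memberof": ["cn=vpn-sales, ou=Groups, dc=example, dc=com"]},
]

if __name__ == "__main__":
    for rule in ("ou=Sales", "memberOf=CN=VPN-Sales,OU=Groups,DC=example,DC=com"):
        print(rule, "->", preview(ENTRIES, rule))
```

With the constructed data, ou=Sales also selects the user in OU=Contractors beneath Sales, the kind of over-match worth catching before a bookmark is assigned to the group.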


This manual is also suitable for:

SSL-VPN 4000
