Using Certificates For Secure Ldap Connections; Determining Attributes In Your Ldap Directory - Watchguard SSL 1000 User Manual


LDAP Authorization
For Active Directory, the group name specified as cn=groupname is required. The group name that
is defined in the Firebox SSL VPN Gateway must be identical to the group name that is defined on
the LDAP server.
For other LDAP directories, the group name either is not required or, if required, is specified as
ou=groupname.
The Firebox SSL VPN Gateway binds to the LDAP server using the administrator credentials and then
searches for the user. After locating the user, the Firebox SSL VPN Gateway unbinds the
administrator credentials and rebinds with the user credentials.
5. In LDAP Administrator Password, type the password.
6. In LDAP Base DN (where users are located), type the Base DN under which users are located.
Base DN is usually derived from the Bind DN by removing the user name and specifying the group
where users are located. The following are examples of syntax for Base DN:
"ou=Users,dc=ace,dc=com"
"cn=Users,dc=ace,dc=com"
7. In LDAP Server login name attribute, type the attribute under which the Firebox SSL VPN
Gateway should look for user logon names for the LDAP server that you are configuring. The default
is cn. If Active Directory is used, type the attribute sAMAccountName.
8. In LDAP Group Attribute, type the name of the attribute. The default is "memberOf." This attribute
enables the Firebox SSL VPN Gateway to obtain the groups associated with a user during
authorization.
9. Click Submit.
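As an added example (not code from the WatchGuard manual), the following Python helpers model the directory-side pieces of the authorization flow described above: deriving the Base DN from the Bind DN (step 6), building the user search filter from the login name attribute (step 7) while escaping the user-supplied logon name per RFC 4515 so it cannot alter the filter, and matching the configured group name (cn=groupname or ou=groupname) against the memberOf values returned for the user (step 8). The function names and the ace.com sample DNs are assumptions of this example; the comparison of RDN values is case-insensitive, which assumes an Active Directory style schema where cn matching is case-insensitive.

```python
"""Helpers modelling the Firebox SSL VPN Gateway LDAP authorization flow.

Added example, not the product's own code. The Gateway binds as the
administrator, searches for the user under the Base DN using the login
attribute, rebinds as the user, then reads the group attribute (memberOf)
to decide whether the user belongs to the configured group.
"""

# RFC 4515 filter escaping: these characters must be hex-escaped inside
# an assertion value, otherwise a crafted logon name could change the filter.
_FILTER_SPECIALS = "\\*()\x00"


def rfc4515_escape(value: str) -> str:
    """Escape a value for use inside an LDAP search filter."""
    return "".join(
        "\\%02x" % ord(ch) if ch in _FILTER_SPECIALS else ch
        for ch in value
    )


def build_user_filter(login_attr: str, username: str) -> str:
    """Build the (attr=value) filter used to locate the user under the Base DN.

    login_attr is the "LDAP Server login name attribute" (cn by default,
    sAMAccountName for Active Directory); username is supplied by the client.
    """
    return "(%s=%s)" % (login_attr, rfc4515_escape(username))


def split_dn(dn: str) -> list:
    """Split a DN into RDN strings on commas that are not backslash-escaped."""
    parts, cur, i = [], [], 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):      # keep escaped pair intact
            cur.append(dn[i:i + 2])
            i += 2
            continue
        if ch == ",":
            parts.append("".join(cur).strip())
            cur = []
        else:
            cur.append(ch)
        i += 1
    parts.append("".join(cur).strip())
    return parts


def base_dn_from_bind_dn(bind_dn: str) -> str:
    """Derive the Base DN by dropping the leading (user) RDN of the Bind DN.

    cn=admin,cn=Users,dc=ace,dc=com  ->  cn=Users,dc=ace,dc=com
    """
    rdns = split_dn(bind_dn)
    if len(rdns) < 2:
        raise ValueError("Bind DN must contain at least two RDNs: %r" % bind_dn)
    return ",".join(rdns[1:])


def _rdn_key(rdn: str) -> tuple:
    """Normalise an RDN such as 'CN=VPN Users' to ('cn', 'vpn users')."""
    attr, _, value = rdn.partition("=")
    return attr.strip().lower(), value.strip().lower()


def group_matches(member_of_values: list, required_group: str) -> bool:
    """Return True if any memberOf DN names the configured group.

    required_group is the Gateway's group setting, e.g. 'cn=VPN Users' for
    Active Directory or 'ou=vpnusers' for other directories. Only the first
    RDN of each memberOf DN is compared, case-insensitively (assumption:
    AD-style case-insensitive cn matching).
    """
    wanted = _rdn_key(required_group)
    return any(_rdn_key(split_dn(dn)[0]) == wanted for dn in member_of_values)


if __name__ == "__main__":
    # Constructed sample values; no directory is contacted.
    bind_dn = "cn=admin,cn=Users,dc=ace,dc=com"
    print("Base DN:", base_dn_from_bind_dn(bind_dn))
    print("Filter:", build_user_filter("sAMAccountName", "jdoe"))
    print("Hostile name:", build_user_filter("cn", "*)(objectClass=*"))
    groups = ["CN=VPN Users,OU=Groups,DC=ace,DC=com",
              "CN=Staff,OU=Groups,DC=ace,DC=com"]
    print("Authorized:", group_matches(groups, "cn=vpn users"))
```

A filter built with `build_user_filter` is what the Gateway's admin-bound search would send; the escaping step matters because the logon name comes from the remote user before any authentication has happened.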

Using certificates for secure LDAP connections

You can use a secure client certificate with LDAP authentication and authorization. To use a client
certificate, you must have an enterprise Certificate Authority, such as Certificate Services in Windows
Server 2003, running on the same computer that is running Active Directory. You can create a client
certificate using the Certificate Authority.
To use a client certificate with LDAP authentication and authorization, the certificate must be a secure
certificate used over an SSL connection. Secure client certificates for LDAP are uploaded to the Firebox
SSL VPN Gateway.
To upload a secure client certificate for LDAP
1. On the VPN Gateway Cluster tab, click the Administration tab.
2. Next to Upload Private Key + Client Certificate for LDAP, click Browse.
3. Navigate to the client certificate and click Open.

Determining Attributes in your LDAP Directory

If you need help determining your LDAP Directory attributes, you can easily look them up with the free
LDAP Browser from Softerra.
To install and set up the LDAP Browser
1. Download the free LDAP Browser application from the Softerra LDAP Administrator Web site
http://www.ldapbrowser.com.
2. Install LDAP Browser and open it.
3. From the LDAP Browser window, choose File > New Profile and specify the following settings:
78
Firebox SSL VPN Gateway