Administration Guide
163
Scenario 1: Configuring LDAP Authentication and Authorization
•
LDAP Server port. The port on which the LDAP server listens for connections. The default port
for LDAP connections is port 389.
•
LDAP Administrator Bind DN and LDAP Administrator Password. If the LDAP directory requires
applications to authenticate when accessing it, the administrator must know the name of the
user account that the Firebox SSL VPN Gateway should use for this authentication and the
password associated with this account.
•
LDAP Base DN. The base object of the directory (or level of the directory) where user names
are stored. All remote users must have a Person entry at this level of the directory. Some
example values are:
ou=Users,dc=ace,dc=com
cn=Users,dc=ace,dc=com
•
LDAP Server login name attribute. The attribute of an LDAP directory Person entry that
contains a user's name. The following table contains examples of the user name attribute
fields for different LDAP directories:
•
LDAP Group attribute - The attribute of a user's Person entry that lists the groups to which a
user belongs; for example, "memberOf." The LDAP Group attribute is used only for LDAP
authorization.
At this point, the administrator has completed all of the procedures needed to prepare for the
LDAP authentication and authorization configuration task. When this task is complete, the
administrator has the following information:
•
The specific network locations of all network resources that the remote Sales and Engineering
users must access
•
The names of the user groups in the LDAP directory that contain the Sales and Engineering
users who require remote access ("Remote Sales" and "Remote Engineers" in this example)
•
The specific LDAP directory information needed to configure the Firebox SSL VPN Gateway to
operate with the LDAP directory
With this information available, the administrator is now ready to configure the Firebox SSL VPN
Gateway to provide access to the internal network resources for the Sales and Engineering users.
Configuring the Firebox SSL VPN Gateway to Support Access to the Internal Network
Resources
Configuring the Firebox SSL VPN Gateway to support access to the internal network resources is the last
of two tasks the administrator performs in the scenario for configuring LDAP authentication and autho-
rization.
In this task, the administrator uses the information gathered in the previous task to configure the set-
tings in the Administration Tool that enable the remote users to access the internal network resources.
LDAP Server
User Attributes
Case Sensitive
Microsoft Active Directory
Server
sAM AccountName
No
Novell eDirectory
cn
Yes
IBM Directory Server
uid
Lotus Domino
CN
Sun ONE directory (formerly
iPlanet)
uid or cn
Yes
Summary of Contents for SSL 1000
Page 1: ...WatchGuard Firebox SSL VPN Gateway Administration Guide Firebox SSL VPN Gateway...
Page 40: ...Using the Firebox SSL VPN Gateway 30 Firebox SSL VPN Gateway...
Page 118: ...Setting the Priority of Groups 108 Firebox SSL VPN Gateway...
Page 146: ...Managing Client Connections 136 Firebox SSL VPN Gateway...
Page 168: ...Generating Trusted Certificates for Multiple Levels 158 Firebox SSL VPN Gateway...
Page 190: ...180 Firebox SSL VPN Gateway...
Page 198: ...188 Firebox SSL VPN Gateway...