Integrating LDAP/Active Directory with SonicWALL UTM
SonicOS supports a range of LDAP servers, the most popular being Active Directory (AD), which is itself an LDAP implementation. Refer to the following paper for supplementary detail on configuring LDAP settings.
http://www.sonicwall.com/downloads/LDAP_Integration_Feature_Module.pdf
LDAP over SSL
Integrating your SonicWALL appliance with an LDAP directory service using SSL requires configuring your LDAP server for certificate management, installing the correct certificate on your SonicWALL appliance, and configuring the SonicWALL appliance to use the information from the LDAP Server.
NOTE: SSL is not required for LDAP integration. Without it, however, user credentials are sent across the network unencrypted, which is considered highly insecure.
Before beginning your LDAP configuration, you should prepare your LDAP server and your SonicWALL for LDAP over TLS support. This requires:
• Installing a server certificate on your LDAP server.
• Installing a Certificate Authority (CA) certificate for the issuing CA on your SonicWALL appliance.
The following procedures describe how to perform these tasks in an Active Directory environment.
Configuring the CA on the Active Directory Server
To configure the CA on the Active Directory server (skip the first five steps if Certificate Services are already installed):
Step 1: Navigate to Start > Settings > Control Panel > Add/Remove Programs.
Step 2: Select Add/Remove Windows Components.
Step 3: Select Certificate Services.
Step 4: Select Enterprise Root CA when prompted.
Step 5: Enter the requested information. For information about certificates on Windows systems, see http://support.microsoft.com/kb/931125.
Step 6: Launch the Domain Security Policy application: Navigate to Start > Run and run the command: dompol.msc.
Step 7: Open Security Settings > Public Key Policies.
Step 8: Right-click Automatic Certificate Request Settings.
Step 9: Select New > Automatic Certificate Request.
Step 10: Follow through the wizard, and select Domain Controller from the list.
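Once the domain controller holds its certificate, it is worth confirming that the certificate chains to the CA certificate you will install on the SonicWALL. The script below is an added example, not part of the original document; the hostname dc01.example.test, the function names and the throwaway certificates built in demo are constructed for illustration, and it assumes the openssl command-line tool is installed.

```shell
#!/bin/sh
# Save the certificate presented on the LDAPS port (636) as PEM.
# Usage: fetch_ldaps_cert dc01.example.test > dc.pem   (placeholder hostname)
fetch_ldaps_cert() {
    openssl s_client -connect "$1:636" -servername "$1" </dev/null 2>/dev/null |
        openssl x509 -outform PEM
}

# Succeeds if openssl can validate certificate $2 using the CA file $1.
# (openssl may also consult the system trust directory; a private
# enterprise root CA will not normally be found there.)
chains_to_ca() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Constructed demo: a throwaway "issuing" root CA, a server certificate it
# signs, and an "unrelated" root CA. Prints one verdict line per CA.
demo() {
    d=$(mktemp -d) || return 1
    for ca in issuing unrelated; do
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
            -subj "/CN=Constructed $ca CA" \
            -keyout "$d/$ca.key" -out "$d/$ca.pem" 2>/dev/null
    done
    # Server key and CSR, then sign the CSR with the issuing CA
    openssl req -newkey rsa:2048 -nodes -subj "/CN=dc01.example.test" \
        -keyout "$d/dc.key" -out "$d/dc.csr" 2>/dev/null
    openssl x509 -req -in "$d/dc.csr" -days 1 -CA "$d/issuing.pem" \
        -CAkey "$d/issuing.key" -CAcreateserial -out "$d/dc.pem" 2>/dev/null
    for ca in issuing unrelated; do
        if chains_to_ca "$d/$ca.pem" "$d/dc.pem"; then
            echo "$ca: trusted"
        else
            echo "$ca: untrusted"
        fi
    done
    rm -rf "$d"
}

demo
```

Against a real server, export the root CA certificate to PEM, run fetch_ldaps_cert against the domain controller, and pass both files to chains_to_ca; a failure means the appliance would be given a CA that did not issue the LDAP server's certificate.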