Selecting any of the predefined schemas will automatically populate the fields used by that schema with their correct values.

Selecting ‘User Defined’ will allow you to specify your own values – use this only if you have a specific or proprietary LDAP schema configuration.

Object class – Select the attribute that represents the individual user account to which the next two fields apply.

Login name attribute – Select one of the following to define the attribute that is used for login authentication:

sAMAccountName for Microsoft Active Directory

cn for Novell eDirectory

uid for others

Qualified login name attribute – Optionally select an attribute of a user object that sets an alternative login name for the user in name@domain format. This may be needed with multiple domains in particular, where the simple login name may not be unique across domains. By default, this is set to userPrincipalName for Microsoft Active Directory and mail for RFC2798 inetOrgPerson. Note that userPrincipalName would allow login as, for example, “john.ourdomain.com”, whereas mail would log in as “john@ourdomain.com”.

User group membership attribute – Select the attribute that contains information about the groups to which the user object belongs. This is memberOf in Microsoft Active Directory. The other predefined schemas store group membership information in the group object rather than the user object, and therefore do not use this field.

Framed IP address attribute – Select the attribute that can be used to retrieve a static IP address that is assigned to a user in the directory. Currently it is only used for a user connecting via L2TP with the SonicWALL’s L2TP server to retrieve the IP address to assign to them from the directory. In the future this may also be supported for Global VPN Client. In Active Directory the static IP address is configured on the Dial-in tab of a user’s properties.
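The following is an added example, not SonicWALL code or part of the original manual: it shows how the object class, login name attribute and qualified login name attribute described above could combine into an LDAP search filter for a user lookup, with the login value escaped per RFC 4515. The object class values, the choice of no qualified attribute for Novell eDirectory, the rule of switching attributes when the login contains "@", and the names SCHEMAS, escape_filter_value and user_filter are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Schema:
    object_class: str              # "Object class" field (values below are assumed)
    login_attr: str                # "Login name attribute" field
    qualified_attr: Optional[str]  # "Qualified login name attribute" (optional)


# Attribute names come from the page; object classes are assumptions.
SCHEMAS = {
    "Microsoft Active Directory": Schema("user", "sAMAccountName", "userPrincipalName"),
    "RFC2798 inetOrgPerson": Schema("inetOrgPerson", "uid", "mail"),
    "Novell eDirectory": Schema("inetOrgPerson", "cn", None),
}

# RFC 4515: these characters must be written as a backslash plus two hex digits.
_ESCAPES = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\x00": "\\00"}


def escape_filter_value(value: str) -> str:
    """Escape a user-supplied value so it cannot alter the filter structure."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def user_filter(schema_name: str, login: str) -> str:
    """Build the search filter that locates one user object for a login name."""
    schema = SCHEMAS[schema_name]
    if not login:
        raise ValueError("empty login name")
    attr = schema.login_attr
    # Assumed rule: a name@domain login is matched on the qualified attribute.
    if "@" in login:
        if schema.qualified_attr is None:
            raise ValueError("schema has no qualified login name attribute")
        attr = schema.qualified_attr
    return "(&(objectClass=%s)(%s=%s))" % (
        schema.object_class, attr, escape_filter_value(login))


if __name__ == "__main__":
    # Constructed sample logins.
    print(user_filter("Microsoft Active Directory", "john"))
    print(user_filter("RFC2798 inetOrgPerson", "john@ourdomain.com"))
```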

Step 7: On the Directory tab, configure the following fields:

SonicWALL SonicWALL UTM Appliance manual