WatchGuard Technologies SSL VPN manual Using certificates for secure LDAP connections

Models: SSL VPN

LDAP Authorization

For Active Directory, the group name specified as cn=groupname is required. The group name that is defined in the Firebox SSL VPN Gateway must be identical to the group name that is defined on the LDAP server.

For other LDAP directories, the group name either is not required or, if required, is specified as ou=groupname.

The Firebox SSL VPN Gateway binds to the LDAP server using the administrator credentials and then searches for the user. After locating the user, the Firebox SSL VPN Gateway unbinds the administrator credentials and rebinds with the user credentials.

5. In LDAP Administrator Password, type the password.

6. In LDAP Base DN (where users are located), type the Base DN under which users are located. Base DN is usually derived from the Bind DN by removing the user name and specifying the group where users are located. The following are examples of syntax for Base DN:

   “ou=Users,dc=ace,dc=com”

   “cn=Users,dc=ace,dc=com”

7. In LDAP Server login name attribute, type the attribute under which the Firebox SSL VPN Gateway should look for user logon names for the LDAP server that you are configuring. The default is cn. If Active Directory is used, type the attribute sAMAccountName.

8. In LDAP Group Attribute, type the name of the attribute. The default is “memberOf.” This attribute enables the Firebox SSL VPN Gateway to obtain the groups associated with a user during authorization.

9. Click Submit.
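The bind, search, unbind, rebind and group-check sequence described above, together with the Base DN derivation from step 6, is modelled below as an added example. This is not WatchGuard's code: it runs against a constructed in-memory directory (the DNs, account names and passwords are made up) rather than a real LDAP server, so the flow can be exercised offline. The filter escaping in `build_user_filter` follows RFC 4515 and is an addition the manual does not mention; it is what a gateway must do so that a typed login name cannot change the meaning of the user search.

```python
"""Model of the Firebox SSL VPN Gateway LDAP authentication/authorization flow.

Added example, not the product's own code. The directory below is a constructed
sample; a real deployment would issue the same operations against an LDAP server.
"""
import re

# Constructed sample directory: DN -> attributes (values are lists, as in LDAP).
SAMPLE_DIRECTORY = {
    "cn=administrator,cn=Users,dc=ace,dc=com": {
        "sAMAccountName": ["administrator"],
        "userPassword": ["admin-secret"],
        "memberOf": ["cn=Domain Admins,cn=Users,dc=ace,dc=com"],
    },
    "cn=Alice Example,cn=Users,dc=ace,dc=com": {
        "sAMAccountName": ["alice"],
        "userPassword": ["alice-pw"],
        "memberOf": ["cn=VPN Users,cn=Users,dc=ace,dc=com"],
    },
}


def split_rdns(dn):
    """Split a DN on commas that are not escaped with a backslash."""
    return [rdn.strip() for rdn in re.split(r"(?<!\\),", dn)]


def base_dn_from_bind_dn(bind_dn):
    """Step 6: derive the Base DN by dropping the leading RDN (the user) of the Bind DN."""
    return ",".join(split_rdns(bind_dn)[1:])


def escape_filter_value(value):
    """RFC 4515 escaping for a value placed inside an LDAP search filter."""
    return "".join("\\%02x" % ord(ch) if ch in "\\*()\x00" else ch for ch in value)


def build_user_filter(login_attr, login_name):
    """Step 7: the filter a gateway would send to find the user by its login attribute."""
    return "(%s=%s)" % (login_attr, escape_filter_value(login_name))


def bind(directory, dn, password):
    """Simple bind: succeeds only if the DN exists and the password matches."""
    entry = directory.get(dn)
    return entry is not None and password in entry.get("userPassword", [])


def search_user(directory, base_dn, login_attr, login_name):
    """Equality search under base_dn; returns the DN only if exactly one entry matches."""
    matches = [
        dn for dn, attrs in directory.items()
        if dn.lower().endswith(base_dn.lower())
        and login_name.lower() in (v.lower() for v in attrs.get(login_attr, []))
    ]
    return matches[0] if len(matches) == 1 else None


def authenticate_and_authorize(directory, admin_dn, admin_pw, login_attr, group_attr,
                               required_group, login_name, password):
    """Bind as administrator, locate the user, rebind as the user, then check the group.

    required_group is given as cn=groupname, exactly as the manual requires for
    Active Directory, and is compared with the first RDN of each memberOf value.
    Returns (ok, user_dn_or_reason).
    """
    if not bind(directory, admin_dn, admin_pw):
        return False, "administrator bind failed"
    base_dn = base_dn_from_bind_dn(admin_dn)
    user_dn = search_user(directory, base_dn, login_attr, login_name)
    # Administrator credentials are released here; the user bind below is separate.
    if user_dn is None:
        return False, "user not found"
    if not bind(directory, user_dn, password):
        return False, "user bind failed"
    groups = [split_rdns(g)[0].lower() for g in directory[user_dn].get(group_attr, [])]
    if required_group.lower() not in groups:
        return False, "user not in required group"
    return True, user_dn


if __name__ == "__main__":
    admin = "cn=administrator,cn=Users,dc=ace,dc=com"
    print("filter:", build_user_filter("sAMAccountName", "alice"))
    print(authenticate_and_authorize(SAMPLE_DIRECTORY, admin, "admin-secret",
                                     "sAMAccountName", "memberOf", "cn=VPN Users",
                                     "alice", "alice-pw"))
```

The search uses `sAMAccountName` because the constructed directory mimics Active Directory; for another LDAP directory the same code works with `cn` (the manual's default) and an `ou=groupname` group value, since the comparison is against the first RDN of each group DN.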

Using certificates for secure LDAP connections

You can use a secure client certificate with LDAP authentication and authorization. To use a client certificate, you must have an enterprise Certificate Authority, such as Certificate Services in Windows Server 2003, running on the same computer that is running Active Directory. You can create a client certificate using the Certificate Authority.

To use a client certificate with LDAP authentication and authorization, it must be a secure certificate using SSL. Secure client certificates for LDAP are uploaded to the Firebox SSL VPN Gateway.

To upload a secure client certificate for LDAP

1. On the VPN Gateway Cluster tab, click the Administration tab.

2. Next to Upload Private Key + Client Certificate for LDAP, click Browse.

3. Navigate to the client certificate and click Open.

Determining Attributes in your LDAP Directory

If you need help determining your LDAP Directory attributes, you can easily look them up with the free LDAP Browser from Softerra.

To install and set up the LDAP Browser

1. Download the free LDAP Browser application from the Softerra LDAP Administrator Web site http://www.ldapbrowser.com.

2. Install LDAP Browser and open it.

3. From the LDAP Browser window, choose File > New Profile and specify the following settings:
