LDAP Groups not mirroring
Hi,
We're just setting up a test/demo environment using a TZ300 to test SSO and LDAP for CFS. We've got the SSO connected fine and we've got LDAP connected, so far so good. What we don't appear to be seeing is the specific user groups in AD being mirrored in the Sonicwall.
E.g. an OU called Site Users, and under that there are three sub-groups, Admin, Staff and Temp; in each of those sub-groups there is a User OU, and there we have the users Admin1, Admin2, Staff1, Staff2, Temp1 and Temp2.
We want to be able to add different CFS policies for the Admin, Staff and Temp OUs, so that if we add or remove user accounts from those groups they have the appropriate CFS policy applied.
I believe this is the way it is supposed to work with the Directory Connector handling the single sign on so that they don't have to authenticate every time they go onto the internet and then the LDAP Integration enables us to apply different CFS policies.
We are seeing groups showing up under mirroring, but these are all the default groups; we're not seeing the DOMAIN/Site Users group that we've created in AD at all. I suspect that we've missed something obvious, but we've been looking at this for a couple of days and have probably got blinkered, so if someone has got this working and can point us in the right direction we'd be most grateful.
Answers
Hi @Jason_W, see my comment below; it should help.
Also, don't use LDAP mirroring; you don't need this feature (it is for multiple domains). Just import the groups.
You won't see the users by importing the user groups. The SonicWall just uses the groups to check LDAP group membership when a user logs in; if you want to import specific users, you need to import these under the Local Users tab.
See Here
https://www.sonicwall.com/support/knowledge-base/how-can-i-setup-cfs-policies-with-ldap-and-sso-to-restrict-internet-access-on-cfs-3-0/170505721991619/