
LDAP GROUPS IMPORTATION

Hi Everyone,

I'm using an NSv 200 with SonicOS 6.5 as firmware.

I successfully integrated LDAP with the firewall. My issue is that when I import a group from my AD server, it is imported but has no members in it, even though it contains users on my AD server.

I tried importing users first and then importing groups, but I still have the same problem: groups are imported with no members assigned to them.

Any help, please.

Many Thanks.

Category: Virtual Firewall

Best Answer

  • CORRECT ANSWER
    SonicAdmin80 Cybersecurity Overlord ✭✭✭

    No, there shouldn't be a need to create users manually, at least for SSL-VPN, which is where I've used it. I'm not that familiar with using external users in rules, so you might have to use "Mirror LDAP user groups locally" and periodically refresh the users automatically, or use the Directory Connector like @BWC said. That "Memberships are set by the user's location in the LDAP directory" might also work.

Answers

  • BWC Cybersecurity Overlord ✭✭✭

    @TheSonicFw the LDAP group import is just a reference to the LDAP group and does not hold any members.

    What do you wanna use the LDAP groups for? If it's for SSLVPN you need to manually assign the users, if you wanna use it for CFS etc you need to deploy the Directory Connector which communicates with the Firewall to provide SSO information, if we're talking AD.

    --Michael@BWC

  • Thanks a lot @BWC for your reply. In my experience working with other firewalls like FortiGate, for example, when I import a group from LDAP I don't need to import users as well; I can simply use that group and authenticate with the users in it that were created on the LDAP server.

    I wonder if I can do that in SonicWall or not? Or is SSO the only way to do it?

    Because I want active authentication, where the user has to enter his credentials to log in, not passive auth like SSO.

    I hope that I've made myself clear, and thanks again.


    Best Regards.

  • SonicAdmin80 Cybersecurity Overlord ✭✭✭

    You don't need to specifically import users with SonicWall either. If you imported the group, SonicWall will dynamically check the members of that group and create local users in the firewall for them when needed.

  • Thank you @SonicAdmin80 for your reply. I did try that: I created a group on LDAP and assigned LDAP users to it; when I imported it into SonicWall, it did not import the users with it.

    If I use that group in a rule and I want to authenticate with one of the users assigned to it, it doesn't work.

    Should I create the group manually and choose "Memberships are set by the user's location in the LDAP directory"?
