Solution #00005879
Scope:
Answer:
An LDAP Authentication service identifies a directory server that speaks the LDAP protocol and holds a set of users and groups, together with the mapping between groups and users. Configuring this page lets the Barracuda Web Application Firewall contact an existing LDAP directory server and authenticate users against it.
To enable LDAP user authentication, go to Access Control > Authentication and select LDAP:
Enter information about your LDAP server:
Realm Name - Specifies the name of the realm under which the users to be authenticated are stored. A realm identifies a collection of users and groups; it records, in a flat directory structure, where the users are located and where the groups are located.
Server IP - Specifies the IP address of an external LDAP server used for authenticating users.
Server Port - Specifies the TCP port of the external LDAP server used for authenticating users.
The standard port for LDAP is port 389 for non-SSL connections and 636 for SSL connections.
- Range: 1 to 65535
- Default: 389
Values: none, ssl, starttls.
- none - Establishes a plain text connection. The Bind Password and every user password are then sent in the clear, so use this only on a trusted network segment.
- starttls - Opens a plain text connection on the LDAP port (typically 389) and upgrades it to Transport Layer Security (TLS) with the StartTLS extended operation before any credentials are sent. TLS lets client/server applications communicate in a way that is designed to prevent eavesdropping, tampering and message forgery.
- ssl - Wraps the whole connection in TLS from the first byte (LDAP over SSL/TLS), so LDAP messages are sent and received over an SSL socket. LDAP servers typically accept these connections on port 636; the LDAP URI for this is ldaps://
- Default: none
Bind DN - Specifies the Distinguished Name (DN) of the account the Barracuda Web Application Firewall binds as in order to search the LDAP server for users and groups. Use a dedicated, read-only service account for this rather than an administrative one.
Example :
username
CN=username,OU=test,DC=domain,DC=com
Base DN - Specifies the base DN of the LDAP directory; it bounds the scope of every LDAP search the service performs.
Example :
DC=domain,DC=com
Bind Password - Specifies the password used for querying the LDAP server using the bind DN.
Login Attribute - Specifies the attribute of an LDAP object that identifies the user, i.e. the attribute the submitted login name is matched against. For example: uid, sAMAccountName.
Default: sAMAccountName
Group Name Attribute - Specifies the attribute of an LDAP object that holds the name of a group. For example: cn, sAMAccountName.
Default: sAMAccountName
Group Filter - Specifies the LDAP filter used to retrieve the groups a user belongs to; %user_dn is replaced with the DN of the user entry that was found. At most 500 characters are allowed.
Default: (&(objectClass=group)(member=%user_dn))
Query For Group - Specifies whether to look up the user's groups, or only the individual user name, for authentication. Select Yes to look up groups.
- Values: Yes, No
- Default: Yes
Click Test LDAP. The Barracuda Web Application Firewall checks the information you provided; the test results are displayed at the bottom of the page.
If the test fails, either correct the settings as needed and click Test LDAP again, or use the LDAP Discovery tool as described in the next step.
Test the entered values and view troubleshooting details and recommendations (if any):
- Click LDAP Discovery. The Barracuda Web Application Firewall checks the information you provided.
- Check the test results: verified information is indicated with a green dot next to the field.
- Information that needs to be corrected is indicated with a red dot next to the field.
- Note: To view detailed query results, click Verbose.
- If any information is incorrect or missing, edit the fields as needed and click LDAP Discovery again.
- After your settings have been validated, click Add to save them.
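The sequence the appliance runs when it tests and later uses these settings (bind as the Bind DN, find the user by the Login Attribute under the Base DN, then evaluate the Group Filter with %user_dn substituted) can be reproduced from the command line with ldapsearch. The Python below is an added example written for this article, not Barracuda code; the LdapService class, the lint_service() and ldapsearch_args() helpers, the host 10.0.0.5 and the account names are assumptions. It builds the two search filters with RFC 4515 escaping, which matters because a login name such as *)(objectClass=* would otherwise rewrite the filter, and it flags setting combinations that make Test LDAP fail or weaken security.

```python
"""Model of the lookup sequence an LDAP authentication service performs.

Added example, not Barracuda code. Field names mirror the settings page;
LdapService, lint_service() and ldapsearch_args() are assumptions made
for this illustration.
"""
import shlex
from dataclasses import dataclass
from typing import List


@dataclass(frozen=True)
class LdapService:
    """One LDAP authentication service, with the page's defaults."""
    realm_name: str
    server_ip: str
    bind_dn: str
    base_dn: str
    server_port: int = 389
    encryption: str = "none"            # none | ssl | starttls
    login_attribute: str = "sAMAccountName"
    group_name_attribute: str = "sAMAccountName"
    group_filter: str = "(&(objectClass=group)(member=%user_dn))"


def escape_filter_value(value: str) -> str:
    """Escape a value for use inside an LDAP search filter (RFC 4515 section 3).

    Without this, a login name such as  *)(objectClass=*  would rewrite the
    filter and match every entry under the Base DN (LDAP filter injection).
    """
    return "".join(
        "\\%02x" % ord(ch) if ch in "\\*()\x00" else ch for ch in value
    )


def user_filter(svc: LdapService, login_name: str) -> str:
    """Filter used to locate the user entry by the Login Attribute."""
    return f"({svc.login_attribute}={escape_filter_value(login_name)})"


def group_filter(svc: LdapService, user_dn: str) -> str:
    """Group Filter with %user_dn replaced by the (escaped) DN found for the user."""
    return svc.group_filter.replace("%user_dn", escape_filter_value(user_dn))


def ldap_uri(svc: LdapService) -> str:
    """ssl wraps the connection from the first byte (ldaps://); none and
    starttls both start as plain ldap://, starttls upgrades afterwards."""
    scheme = "ldaps" if svc.encryption == "ssl" else "ldap"
    return f"{scheme}://{svc.server_ip}:{svc.server_port}"


def lint_service(svc: LdapService) -> List[str]:
    """Static checks worth running before clicking Test LDAP."""
    problems = []
    if not 1 <= svc.server_port <= 65535:
        problems.append("Server Port must be in the range 1 to 65535")
    if svc.encryption not in ("none", "ssl", "starttls"):
        problems.append("encryption must be one of none, ssl, starttls")
    if svc.encryption == "none":
        problems.append("encryption=none sends the bind password and every user password in clear text")
    if svc.encryption == "ssl" and svc.server_port == 389:
        problems.append("ssl normally uses port 636, not 389")
    if svc.encryption == "starttls" and svc.server_port == 636:
        problems.append("starttls normally uses port 389, not 636 (636 expects ldaps from the first byte)")
    if len(svc.group_filter) > 500:
        problems.append("Group Filter exceeds the 500 character maximum")
    if "%user_dn" not in svc.group_filter:
        problems.append("Group Filter does not contain %user_dn, so it cannot be scoped to the authenticating user")
    if not svc.bind_dn:
        problems.append("Bind DN is empty; an anonymous bind will usually not be allowed to search")
    return problems


def ldapsearch_args(svc: LdapService, search_filter: str, *attrs: str) -> List[str]:
    """ldapsearch command line that reproduces one step of the WAF's lookup."""
    args = ["ldapsearch", "-x", "-H", ldap_uri(svc)]
    if svc.encryption == "starttls":
        args.append("-ZZ")              # require the StartTLS upgrade to succeed
    args += ["-D", svc.bind_dn, "-W",    # -W prompts, keeping the password out of `ps`
             "-b", svc.base_dn, "-LLL", search_filter, *attrs]
    return args


if __name__ == "__main__":
    # Constructed settings for a directory reachable over ldaps:// (assumption).
    svc = LdapService(realm_name="corp", server_ip="10.0.0.5",
                      bind_dn="CN=waf-ldap,OU=Service Accounts,DC=domain,DC=com",
                      base_dn="DC=domain,DC=com", server_port=636, encryption="ssl")
    for p in lint_service(svc):
        print("warning:", p)
    # Step 1: locate the user entry.
    print(shlex.join(ldapsearch_args(svc, user_filter(svc, "alice"), "distinguishedName")))
    # Step 2: resolve the user's groups, using a constructed DN as if returned by step 1.
    found_dn = "CN=Alice Example (Admin),OU=test,DC=domain,DC=com"
    print(shlex.join(ldapsearch_args(svc, group_filter(svc, found_dn), svc.group_name_attribute)))
    # The injection attempt is neutralised by escaping.
    print(user_filter(svc, "*)(objectClass=*"))
```

Run the two printed ldapsearch commands against the real server with the Bind Password when Test LDAP fails: the first command failing to bind points at Bind DN, password or encryption/port settings, while an empty result from the first search points at Base DN or Login Attribute, and an empty second result at the Group Filter or Group Name Attribute.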