It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda Web Application Firewall

How do I integrate LDAP authentication with the Barracuda Web Application Firewall?

  • Type: Knowledgebase
  • Date changed: 2 years ago

Solution #00005879


This solution applies to the Barracuda Web Application Firewall, all firmware versions.

The LDAP Authentication service identifies a database server supporting the LDAP protocol, which contains a set Authentication service. It is a unique identifier that identifies a set of users, groups and contains mapping between the groups and the users. Configuration of this page allows the Barracuda Web Application Firewall to communicate with an existing LDAP directory server, and authenticate a user.

To enable LDAP user authentication you need to go to Access Control > Authentication and select LDAP :

Enter information about your LDAP server:

Realm Name - Specifies the name of the realm under which the Barracuda Web Application Firewall admins are stored (A realm identifies a collection of users and groups. It specifies information, in a flat directory structure, such as where users are located and where groups are located.).

Server IP - Specifies the IP address of an external LDAP server used for authenticating users.

Server Port - Specifies the port address of the external LDAP server used for authenticating users.
The standard port for LDAP is port 389 for non-SSL connections and 636 for SSL connections.
  • Range: 1 to 65535
  • Default: 389
Secure Connection Type - Specifies the type of secure connection to be used by Barracuda Web Application Firewall when querying the LDAP database for user authentication and role retrieval.
Values: none, ssl, starttls.
  • none - Establishes a plain text connection.
  • tls - Transport Layer Security (TLS) protocol enables client/server applications to establish a secure connection over the Internet. TLS allows client/server applications to communicate in a way that is designed to prevent tampering or message forgery.
  • ssl - With SSL you can create a SSL socket and send/ receive LDAP messages over it. Typically LDAP server accepts SSL connections on port 636. The LDAP uri for this is defined as ldaps://
  • Default: none
Enter information about a user in your LDAP directory that has read access to all the users in LDAP directory:

Bind DN - Specifies a Distinguished Name (DN) that can be used to query the LDAP server to search for the users/roles.
Example :

Base DN - Specifies the base DN of the LDAP database used to specify the scope of any LDAP search.
Example :

Bind Password - Specifies the password used for querying the LDAP server using the bind DN.

Login Attribute - Specifies the attributes of an LDAP object used for identifying the user. For example: uid, sAMAccountName.
Default: sAMAccountName

Group Name Attribute - Specifies the attributes of an LDAP object used for identifying the name of a group. For example: cn, sAMAccountName.
Default: sAMAccountName

Group Filter - Specifies the LDAP filter used to retrieve the list of groups of a user. The maximum allowable characters are 500.
Default: (&(objectClass=group)(member=%user_dn))

Query For Group - Specifies whether to look for the group or to look for individual user names for authentication. Select Yes to enable this to look for group for authentication.
  • Values: Yes, No
  • Default: Yes

Click on 'Test LDAP'. The Barracuda Web Application Firewall checks the information you provided. Check the test results displayed at the bottom of the page.

If the test fails, you can either correct settings as needed and repeat Step 4 -or- you can use the LDAP Discovery tool as described in the next step.

Test the entered values and view troubleshooting details and recommendations (if any):
  • Click LDAP Discovery. The Barracuda Web Application Firewall checks the information you provided.
  • Check the test results; Verified information is indicated with a green dot next to the field.
  • Information that need to be corrected is indicated with a red dot next to the field.
    • Note: If you want to view detailed query results, click Verbose.
    • If any information is incorrect or missing, edit fields as needed and then repeat Step 5.
  • After your settings have been validated, click Add to save your settings.

Link to this page: