Applies to all Web Security Gateway appliances using the Web Security Flex service.
In order to configure your Web Security Gateway to use eDirectory for single sign on, you will need to confirm the following:
• Your eDirectory deployment is version 22.214.171.124 or higher.
• All eDirectory replica servers must have plain text bind configured using the following steps from http://www.novell.com/communities/node/9089/configuring-ldap-tls-required-option.
- Login to the tree through iManager.
- Go to the Directory administration tab and then to the modify object tab.
- Select the LDAP Server object through the object browser and click ok.
- Now it can be seen that the 'Require TLS for all operations' check box is checked.
- Un-check that check box and click 'ok'.
- Again go back to the Directory Administration->Modify Object tab and select the LDAP group object through the object browser and click 'OK'.
- You can see that “Require TLS for Simple Binds with Password” option is enabled.
- Un-check this option and click Apply/OK.
- Now LDAP operations over the clear text layer can proceed.
Once you have confirmed the above, open a browser and login to the Flex portal at http://login.barracuda.com and perform the following steps:
- Go to Configuration>Gateway, and click on the gateway which requires eDirectory configuration.
- Set "Enable Local Enforcement Mode" to "Local Enforcement Mode" and click "Save Changes".
- Go to the Authentication tab and click Add LDAP Authentication Mechanism.
- Fill in the necessary information for your eDirectory server, and select Novell eDirectory for Server Type.
- Click Advanced Options. Enter groupMembership for the Member Groups Attribute field and member for the Group Members Attribute field (these are the typical eDirectory defaults).
- Click Save Changes.
- Perform steps 2 through 5 for each eDirectory replica in your environment.
- Under DC Agent Management, check Enable Single Signon On. Save Changes.
- By default, the WSG treats each eDirectory replica as an independent directory. To change this, please contact Barracuda Networks Technical Support and ask them to make the necessary changes to the Web Security Gateway to aggregate all replicas.
Link to this page: