User Management
999
SonicOS 5.8.1 Administrator Guide
Using LDAP / Active Directory / eDirectory Authentication
Lightweight Directory Access Protocol (LDAP) defines a directory services structure for storing
and managing information about elements in your network, such as user accounts, user groups,
hosts, and servers. Several different standards use LDAP to manage user accounts, groups, and
permissions. Some are proprietary systems, such as Microsoft Active Directory, which you can
manage using LDAP. Some are open-source systems, such as Samba, which can store their account
database in an LDAP directory using a published schema. Others are proprietary systems, such as
Novell eDirectory, which provide an LDAP API for managing the user repository information.
In addition to RADIUS and the local user database, SonicOS Enhanced supports LDAP for user
authentication, with support for numerous schemas including Microsoft Active Directory (AD),
Novell eDirectory directory services, and a fully configurable user-defined option that should
allow it to interact with any schema.
Microsoft Active Directory also works with SonicWALL Single Sign-On and the SonicWALL SSO
Agent. For more information, see “Single Sign-On Overview” on page 1002.
LDAP Directory Services Supported in SonicOS Enhanced
In order to integrate with the most common directory services used in company networks,
SonicOS Enhanced supports integration with the following LDAP schemas:
• Microsoft Active Directory
• RFC2798 InetOrgPerson
• RFC2307 Network Information Service
• Samba SMB
• Novell eDirectory
• User-defined schemas
[Figure: LDAP authentication flow between the User Workstation, the E7500 Network Security
Appliance, the Internet, and the LDAP Server. The numbered callouts in the figure correspond to
the steps below.]
1. The user attempts to access the web.
2. The SonicWALL appliance requires authentication of the user and redirects the workstation to
authenticate.
3. The user authenticates with credentials.
4. The SonicWALL appliance requests information about the user from the LDAP server.
5. The LDAP server responds with the user's group membership information.
6. The LDAP group membership is compared against the SonicWALL group membership to determine
access privileges.
7. The SonicWALL appliance authorizes or denies access based on the user's privileges.
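The seven-step flow above, as an added worked example that is not SonicWALL's code: a small in-memory model of the directory and of the appliance's group mapping, so steps 3 through 7 can be traced end to end. All DNs, logins, passwords and group names are constructed sample data, and GROUP_MAP is an assumed mapping from LDAP groups to SonicWALL local groups. The model goes a little beyond the figure in resolving membership for two of the listed schemas, Active Directory's memberOf attribute on the user and RFC2307's memberUid attribute on a posixGroup.

```python
"""Model of the seven-step LDAP authentication flow shown above.

Added illustration, not SonicWALL code. The directory entries, logins,
passwords and group names are constructed sample data; GROUP_MAP stands in
for the LDAP-to-local-group mapping an administrator configures.
"""
import hmac

# Constructed sample directory, DN -> attributes. Two schema styles are
# mixed on purpose so the lookup below has to handle both: the Active
# Directory style user carries memberOf, while the RFC2307 posixGroup
# entry lists its members by memberUid.
DIRECTORY = {
    "CN=Alice Smith,CN=Users,DC=example,DC=com": {
        "sAMAccountName": ["asmith"],
        "userPassword": ["correct horse battery staple"],
        "memberOf": [
            "CN=VPN Users,CN=Users,DC=example,DC=com",
            "CN=Domain Users,CN=Users,DC=example,DC=com",
        ],
    },
    "CN=Carol Doe,CN=Users,DC=example,DC=com": {
        "sAMAccountName": ["cdoe"],
        "userPassword": ["winter2011"],
        "memberOf": ["CN=Domain Users,CN=Users,DC=example,DC=com"],
    },
    "uid=bob,ou=People,dc=example,dc=com": {
        "uid": ["bob"],
        "userPassword": ["hunter2"],
    },
    "cn=netadmins,ou=Groups,dc=example,dc=com": {
        "objectClass": ["posixGroup"],
        "memberUid": ["bob"],
    },
    "CN=VPN Users,CN=Users,DC=example,DC=com": {
        "objectClass": ["group"],
        "member": ["CN=Alice Smith,CN=Users,DC=example,DC=com"],
    },
}

# Assumed appliance configuration: LDAP group DN -> SonicWALL local group.
# "Domain Users" is deliberately left unmapped: every AD user is in it, so
# mapping it would hand privileges to the whole domain.
GROUP_MAP = {
    "CN=VPN Users,CN=Users,DC=example,DC=com": "SSLVPN Services",
    "cn=netadmins,ou=Groups,dc=example,dc=com": "Limited Administrators",
}


def find_user_dn(directory, login):
    """Resolve a login name to a DN (AD sAMAccountName or RFC2307 uid)."""
    for dn, attrs in directory.items():
        if login in attrs.get("sAMAccountName", []) or login in attrs.get("uid", []):
            return dn
    return None


def simple_bind(directory, dn, password):
    """Simulated LDAP simple bind (step 4). A real server keeps a hash and
    checks the password itself; cleartext is stored here only so the
    simulation can verify it. An empty password is refused explicitly:
    LDAP treats a bind with a DN and no password as anonymous, and many
    servers answer it with success."""
    if not password:
        return False
    stored = directory[dn].get("userPassword", [""])[0]
    return hmac.compare_digest(stored.encode(), password.encode())


def group_memberships(directory, dn, login):
    """Step 5: collect groups from both directions of the relationship:
    memberOf on the user (Active Directory), and member or memberUid on
    the group entries (groupOfNames / RFC2307 posixGroup)."""
    groups = set(directory[dn].get("memberOf", []))
    for group_dn, attrs in directory.items():
        if dn in attrs.get("member", []) or login in attrs.get("memberUid", []):
            groups.add(group_dn)
    return groups


def local_groups_for(ldap_groups, group_map):
    """Step 6: keep only the LDAP groups the appliance has mapped."""
    return {group_map[g] for g in ldap_groups if g in group_map}


def authenticate_and_authorize(directory, group_map, login, password):
    """Steps 3 to 7 end to end: ("allow", local_groups) or ("deny", set()).
    Unknown user and wrong password give the same answer so the outcome
    does not reveal which logins exist."""
    dn = find_user_dn(directory, login)
    if dn is None or not simple_bind(directory, dn, password):
        return ("deny", set())
    local = local_groups_for(group_memberships(directory, dn, login), group_map)
    if not local:
        # Authenticated, but in no mapped group: step 7 denies access.
        return ("deny", set())
    return ("allow", local)


if __name__ == "__main__":
    for login, password in [("asmith", "correct horse battery staple"),
                            ("bob", "hunter2"), ("cdoe", "winter2011"),
                            ("asmith", "wrong"), ("mallory", "x")]:
        print(login, authenticate_and_authorize(DIRECTORY, GROUP_MAP, login, password))
```

Two outcomes are worth noting. Carol authenticates successfully but is denied, because her only group is not mapped on the appliance; step 6 is an authorization check separate from step 3. And because the credentials in step 4 cross the network to the LDAP server, the connection in a real deployment should use LDAP over TLS rather than cleartext LDAP.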