Adding either an eDirectory, Apple/OpenLDAP Directory or a 389 Directory

Prerequisite

Procedure

Tip: In larger directories, it might be a good idea to narrow down the User search root so the Smoothwall doesn't have to look through the entire directory. For example, if all users who need to be authenticated have been placed in an organizational unit, the user search root can be narrowed down by adding ou=userunit in front of the domain base.

  1. On the SERVICES menu, under the Authentication submenu, click Directories.
  2. Click Add new directory and from the Tenants list, select the tenants to use this directory service.
  3. From the Type list, select either eDirectory, Apple/OpenLDAP Directory or 389 Directory.
  4. Enter the directory’s LDAP server IP address or host name.
  5. Enter the Username of a valid account in the LDAP notation format.
  6. Enter the Password for the username entered previously. Reenter the password to Confirm it.
  7. Accept the default bind method, or:
  8. Enter the User search root, where in the directory the Smoothwall should start looking for user accounts. Usually, this is the top level of the directory. For example: ou=myusers,dc=mydomain,dc=local.
  9. Enter the Group search roots, where in the directory the Smoothwall should start looking for user groups. Usually, this is the same location as the user search root. For example: ou=mygroups,dc=mydomain,dc=local.
  10. Click Advanced options »:
    1. For the Cache timeout, either accept the default or specify the length of time the Smoothwall keeps a record of directory-authenticated users in its cache. The Smoothwall doesn't query the directory server for users who log out and log back in if their records are still in the cache.
    2. For the LDAP port, either accept the default or enter the LDAP port to use. LDAPS (SSL) is automatically used if you enter port number 636.
    3. Enter Extra user search roots, the directory-specific user search paths when working with a large directory structure, which contains multiple OUs and many users. Enter one search root per line.
    4. Enter Extra group search roots, where in the directory the Smoothwall System should start looking for more user groups. Enter one search root per line.
    5. To configure subdomains by using DNS manually, enter the Extra realms by using this format: <realm><space><kdc_server>. For example: example.org kdc.example.org. Enter one realm per line.
    6. If you've selected Kerberos as the authentication method, to use DNS to discover Kerberos realms, turn on the Discover Kerberos realms through DNS option by selecting Enabled.
  11. Enter a descriptive Comment and click Add. The Smoothwall adds the directory to its list of directories and establishes the connection.
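
The following Python pre-flight check is an added example, not part of the Smoothwall or its documentation. It validates the values for steps 5, 8, 9 and 10 before you type them in: LDAP notation, search roots that sit under the domain base, the Extra realms line format, and whether port 636 (LDAPS) is selected. The function names, the dictionary keys and the separate domain_base argument are assumptions for the illustration, and the DN parser is simplified.

```python
import re

# One RDN such as "ou=myusers" (simplified: no escaped commas, no multi-valued RDNs).
_RDN = re.compile(r"^[A-Za-z][A-Za-z0-9-]*=[^,=+]+$")

def parse_dn(dn):
    """Split a DN into lower-cased (attribute, value) pairs; ValueError if malformed."""
    parts = [p.strip() for p in dn.split(",")]
    if not all(_RDN.match(p) for p in parts):
        raise ValueError(f"not in LDAP notation: {dn!r}")
    return [tuple(s.strip().lower() for s in p.split("=", 1)) for p in parts]

def check_directory(form, domain_base):
    """Return (errors, warnings) for the values about to be entered (hypothetical keys)."""
    errors, warnings = [], []
    base = parse_dn(domain_base)
    try:
        parse_dn(form["username"])
    except ValueError as exc:
        errors.append(f"Username {exc}")
    roots = [("User search root", form["user_root"]),
             ("Group search root", form["group_root"])]
    for key, label in (("extra_user_roots", "Extra user search root"),
                       ("extra_group_roots", "Extra group search root")):
        roots += [(label, ln) for ln in form.get(key, "").splitlines() if ln.strip()]
    for label, root in roots:
        try:
            rdns = parse_dn(root)
        except ValueError as exc:
            errors.append(f"{label} {exc}")
            continue
        if rdns[-len(base):] != base:
            errors.append(f"{label} {root!r} is outside {domain_base!r}")
        elif rdns == base and label == "User search root":
            warnings.append("User search root is the whole directory; consider an OU")
    for line in form.get("extra_realms", "").splitlines():
        if line.strip() and not re.fullmatch(r"\S+ \S+", line.strip()):
            errors.append(f"Extra realm {line!r} is not '<realm> <kdc_server>'")
    if form.get("port") != 636:
        warnings.append("LDAP port is not 636, so LDAPS (SSL) is not selected automatically")
    return errors, warnings

# Constructed sample values, modelled on the examples in the procedure.
SAMPLE = {"port": 389, "username": "cn=binduser,ou=myusers,dc=mydomain,dc=local",
          "user_root": "dc=mydomain,dc=local",
          "group_root": "ou=mygroups,dc=mydomain,dc=local",
          "extra_user_roots": "ou=staff,dc=other,dc=local\n",
          "extra_realms": "example.org kdc.example.org\nexample.net"}
```

Calling check_directory(SAMPLE, "dc=mydomain,dc=local") reports the out-of-tree extra search root and the realm line with no KDC as errors, and the un-narrowed user search root and the non-636 port as warnings.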

Follow-up task

Read more

About an LDAP Connection

Things you can do here

Mapping directory groups to local Smoothwall Filter and Firewall groups

Page reference details

Add new / Edit directory
