The question is what SonicWall actually requires, for example which OU it reads and what data it expects from it.
With the following LDAP settings I can reach OpenLDAP through LDAP tools (for example JXplorer):
IP: IPaddress: 389
Base DN: dc=ckhssl,dc=local
User DN: uid=root,ou=People,dc=ckhssl,dc=local
Password: pass123
Below are the LDAP-related settings from the SonicWall SSL VPN admin guide:
Step 1 Click Add Domain to display the Add New Domain dialog box.
Step 2 Select LDAP from the Authentication Type menu. The LDAP domain configuration fields are displayed.
Step 3 Enter a descriptive name for the authentication domain in the Domain Name field. This is the domain name users will select in order to log into the SonicWALL SSL VPN appliance user portal. It can be the same value as the Server Address field.
Step 4 Enter the IP address or domain name of the server in the Server Address field.
Step 5 Enter the search base for LDAP queries in the LDAP baseDN field. An example of a search base string is CN=Users,DC=yourdomain,DC=com.
Tip: Multiple OUs can be configured for a single domain by entering each OU on a separate line in the LDAP baseDN field. In addition, any sub-OUs are automatically included when their parents are added to this field.
Note: Do not include quotes (“”) in the LDAP BaseDN field.
Step 6 Enter the common name of a user that has been delegated control of the container the users will be in, along with the corresponding password, in the Login Username and Login Password fields.
Note: When entering Login Username and Login Password, remember that the SSL VPN appliance binds to the LDAP tree with these credentials, and users can log in with their sAMAccountName.
Step 7 Enter the name of the layout in the Portal Name field. Additional layouts may be defined in the Portals > Portals page.
Step 8 Optionally check the box next to Allow password changes (if allowed by LDAP server). This option, if allowed by your LDAP server, enables users to change their LDAP password during an SSL VPN session.
Step 9 Optionally check the box next to Require client digital certificates if you want to require the use of client certificates for login. By checking this box, you require the client to present a client certificate for strong mutual authentication.
Step 10 Optionally check the box next to One-time passwords to enable the One-time password feature. A pull-down menu appears, in which you can select if configured, required for all users, or using domain name. The LDAP e-mail attribute pull-down menu appears, in which you can select mail, userPrincipalName, or custom. For more information about configuring the One-time password feature using LDAP, refer to the “Configuring One-time Passwords” section on page 172.
Step 11 Click Submit to update the configuration and add the domain to the Domains Settings table.
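To make the OU question concrete, here is an added Python example (not code from the post, from SonicWall or from OpenLDAP) that simulates the lookup the appliance performs after Step 6: it binds with the Login Username, then searches the configured baseDN lines (sub-OUs included, quotes rejected, as the Tip and Note in Step 5 say) for the entry whose login attribute matches the portal username. The directory entries are constructed to mirror the OpenLDAP layout quoted above (uid under ou=People,dc=ckhssl,dc=local) plus one AD-style entry for contrast; which attribute the appliance matches the username against (uid versus sAMAccountName) is an assumption drawn from the guide's note, not confirmed appliance behaviour.

```python
"""Simulated SonicWall-style LDAP user lookup against an OpenLDAP-like tree.

Added example, not SonicWall's or OpenLDAP's code. The search semantics
(subtree search under each baseDN line, exact match on a login attribute)
are an approximation of what the appliance does after binding with the
Login Username/Password; treat them as an assumption.
"""

# Constructed sample directory, modelled on the post's OpenLDAP tree
# (uid entries under ou=People) with one AD-style entry for contrast.
SAMPLE_DIRECTORY = {
    "uid=root,ou=People,dc=ckhssl,dc=local": {"uid": "root"},
    "uid=alice,ou=Staff,ou=People,dc=ckhssl,dc=local": {"uid": "alice", "mail": "alice@ckhssl.local"},
    "uid=bob,ou=Guests,dc=ckhssl,dc=local": {"uid": "bob"},
    "CN=carol,CN=Users,DC=yourdomain,DC=com": {"sAMAccountName": "carol"},
}


def parse_dn(dn):
    """Split a DN into normalised (attr, value) RDN tuples, leaf first.
    Attribute types and values are compared case-insensitively with
    surrounding whitespace removed; escaped commas are not handled."""
    rdns = []
    for part in dn.split(","):
        attr, _, value = part.partition("=")
        rdns.append((attr.strip().lower(), value.strip().lower()))
    return rdns


def validate_base_dn_field(field_text):
    """Apply the guide's rules to the LDAP baseDN field: one base DN per
    line, blank lines ignored, no quotes of any kind. Returns the bases."""
    bases = []
    for line in field_text.splitlines():
        line = line.strip()
        if not line:
            continue
        if any(q in line for q in ('"', "\u201c", "\u201d")):
            raise ValueError(f"quotes are not allowed in the baseDN field: {line}")
        bases.append(line)
    return bases


def dn_in_scope(entry_dn, base_dns):
    """True if entry_dn lies under any configured base DN. Because the
    comparison is on the DN suffix, sub-OUs of a base are included."""
    entry = parse_dn(entry_dn)
    for base in base_dns:
        base_rdns = parse_dn(base)
        if len(base_rdns) <= len(entry) and entry[-len(base_rdns):] == base_rdns:
            return True
    return False


def find_login_entry(directory, base_dn_field, login_attr, username):
    """Return the DN of the unique in-scope entry whose login_attr equals
    username (case-insensitive), None if nothing matches, and raise if the
    match is ambiguous (two entries would both satisfy the login)."""
    base_dns = validate_base_dn_field(base_dn_field)
    matches = [
        dn for dn, attrs in directory.items()
        if dn_in_scope(dn, base_dns)
        and attrs.get(login_attr, "").lower() == username.lower()
    ]
    if len(matches) > 1:
        raise ValueError(f"ambiguous login for {username!r}: {matches}")
    return matches[0] if matches else None


if __name__ == "__main__":
    # The post's OpenLDAP tree: users live under ou=People and carry uid,
    # so a baseDN line of ou=People,dc=ckhssl,dc=local with uid as the
    # login attribute finds alice even though she sits in a sub-OU.
    base = "ou=People,dc=ckhssl,dc=local"
    print("uid alice ->", find_login_entry(SAMPLE_DIRECTORY, base, "uid", "alice"))
    # Searching the same tree on sAMAccountName finds nothing, because
    # the OpenLDAP entries do not carry that attribute.
    print("sAMAccountName root ->", find_login_entry(SAMPLE_DIRECTORY, base, "sAMAccountName", "root"))
```

With the post's tree, a baseDN line of `ou=People,dc=ckhssl,dc=local` (or the root `dc=ckhssl,dc=local`, since sub-OUs are included) puts the uid entries in scope; a second line such as `ou=Guests,dc=ckhssl,dc=local` is needed only for containers outside the first. The example also shows why the guide's sAMAccountName note matters for OpenLDAP: an entry that only carries `uid` is never matched when the search attribute is `sAMAccountName`.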