SonicOS 7.0 Anti-Spam

LDAP Configuration > Adding an LDAP Server
Table of Contents

Adding an LDAP Server

Configure a new LDAP server to enable per-user access and management.

Anti-Spam uses your existing Active Directory or LDAP server to authenticate end users as they log in to their personal Junk Boxes. The POLICY | Anti-Spam > LDAP Configuration page must be correctly filled out to return the complete list of users who are allowed to log in to their Junk Box. If a user does not appear in this list, their email is filtered, but they cannot log in to their personal junk boxes.

Correctly filling out the LDAP configuration requires completing the LDAP Configuration tab, LDAP Query Panel tab, and the Add LDAP Mapping tab.

To add an LDAP server

  1. Navigate to POLICY | Anti-Spam > LDAP Configuration.

  2. Click +Add LDAP. The Add LDAP Server dialog appears.

  3. Optionally, on the LDAP Configuration tab, enable the Show Enhanced LDAP Mappings fields option. When this option is enabled, fields for a secondary server display.
  4. To have the fields in the LDAP Query Panel completed automatically, ensure the Auto-fill LDAP Query fields when saving configuration option is enabled. This option is selected by default.

  5. On the LDAP Configuration tab, configure the new LDAP server’s settings:

    The primary and secondary names and IP addresses can be up to 200 alphanumeric characters including a hyphen (-) and period (.), but no spaces. Examples:

    192.168.4.100

    host-name123.com

    • Friendly Name—Enter a friendly name for the LDAP server. The default name is ldapservern, where n is a sequential number.
    • Primary Server name or IP—The server name or IP address of the LDAP Server.
    • Port—The port number of the LDAP Server. The default port number is 389.

    • Secondary Server or IP—The server name or IP address of the secondary LDAP Server.

      The Secondary Server name or IP address and Port number options, in red, display only if you selected Show Enhanced LDAP Mapping fields in the Settings section.

    • Secondary server port—The port number of the secondary LDAP Server. The default port number is 389.
    • LDAP server type—Select from the drop-down menu:
      • Active Directory
      • Exchange
      • Open LDAP
      • Lotus-Domino
      • iPlanet
      • Other
    • Managed Domains—Comma delimited alphanumeric: allows hyphen, dot, but no spaces; max 200 characters. Separate multiple domains with a comma. Example: company.com, payroll.company.com, net-engr.com

    • LDAP page size—Enter the maximum page size to be queried on the LDAP Server. The default is 100.

      Many LDAP servers, including Active Directory, have a setting that specifies the maximum page size to be queried. If the LDAP Page Size setting exceeds that maximum page size, performance problems may occur on both the LDAP server and on . In the rare circumstances that this needs to be adjusted, consult SonicWall Technical Support.

    • Requires SSL—To have the LDAP Server require SSL, select this checkbox. This option is not selected by default.
    • Allow LDAP Referrals—Select this option if you have multiple LDAP servers, each of which may have different information. When LDAP referral is enabled, one LDAP server can delegate parts of a login request for information to other LDAP servers that have more information. This delegation is called a referral and occurs when an administrator or user logs in. A referred login request can be very slow, taking 20 seconds or more. This setting is not selected by default.

    To speed log ins for administrators and users, disable this option if you have:

    • Only one LDAP server.
    • Two or more LDAP servers that all share the same information.

    It is safe to disable referrals and then test whether any users are blocked from logging in. No data or settings are lost.

  6. Configure the LDAP login method for users:

    • Allow Anonymous (default) – Many LDAP servers are configured to provide the list of users to anyone who asks. This is called Anonymous Bind.

      Select this option first, then test it; see Step 9.

    • Login – If the Anonymous bind option failed, select this option. You then need to provide a username and password to get LDAP to return the list of users.

  7. If you selected Login, Specify the Username and Password.

    Username is the credential used to allow a user access to the LDAP resource. Each type of LDAP server has a format for a log in name. Use the format appropriate for your server.

    To see examples of the different formats, click the Question Mark icon by the Login name field.

  8. To test the settings you just configured, click Test LDAP Login. The Test Results message displays.
  9. Click Save Changes to finish adding an LDAP Server.