SonicOS 7.1 Users
- SonicOS 7.1
- About SonicOS
- About User Management
- Using Local Users and Groups for Authentication
- Using RADIUS for Authentication
- Using LDAP/Active Directory/eDirectory Authentication
- Using RADIUS
- Using TACACS+
- Using Single Sign-On
- What is Single Sign-On?
- Benefits of SonicWall SSO
- Platforms and Supported Standards
- How Does Single Sign-On Work?
- How Does SSO Agent Work?
- How Does Terminal Services Agent Work?
- How Does Browser NTLM Authentication Work?
- How Does RADIUS Accounting for Single-Sign-On Work?
- Installing the Single Sign-On Agent and/or Terminal Services Agent
- Single Sign-On Advanced Features
- Configuring Access Rules
- Managing SonicOS with HTTP Login from a Terminal Server
- Viewing and Managing SSO User Sessions
- Multiple Administrator Support
- Configuring Users Status
- Configuring User Settings
- User Login Settings
- Setting the Authentication Method for Login
- Configuring RADIUS Authentication
- Configuring LDAP
- Configuring TACACS+
- Requiring User Names be Treated as Case-Sensitive
- Preventing Users From Logging in from More than One Location
- Forcing Users to Log In Immediately After Changing Their Passwords
- Displaying User Login Information Since the Last Login
- Setting the Single-Sign-On Methods
- One-Time Password Settings
- Configuring the User Web Login Settings
- Adding URLs to Authentication Bypass
- User Session Settings
- Accounting
- [[[Missing Linked File System.LinkedTitle]]]
- User Login Settings
- Configuring and Managing Partitions
- Configuring Local Users and Groups
- Configuring Guest Services
- Configuring Guest Accounts
- Managing Guest Status
- SonicWall Support
LDAP User Group Mirroring
LDAP User Group Mirroring provides automatic duplication of LDAP User Group configurations from an LDAP server to a SonicWall network security appliance. You can manage LDAP User Groups exclusively on the LDAP server and do not need to manually duplicate configurations on the firewall. User group configurations are periodically read from the LDAP server and copied to the firewall.
LDAP User Group names that are copied to the firewall include the domain name in the format, name@domain.com
. This ensures that user group names from various domains are unique.
These features and restrictions apply to mirrored LDAP User Groups:
- You can delete LDAP User Groups only on the LDAP server. They cannot delete the mirrored LDAP User Groups on the SonicWall network security appliance. When a user group is deleted on the LDAP server, its mirrored group on the firewall is also deleted automatically.
- You can edit LDAP User Group names (and their comment fields) only on the LDAP server. They cannot edit the mirrored LDAP User Group name or its comment field on the firewall. The comment field displays
Mirrored from LDAP
on the firewall. - You can add users as members to an LDAP User Group on the SonicWall network security appliance.
- You cannot add groups to other groups on the SonicWall network security appliance. Default user groups can only be configured on the LDAP server.
-
You can configure things such as VPNs, SSL VPNs, CFS policies, and ISP policies for LDAP User Groups on the SonicWall network security appliance (for more information about policies, see SonicOS 7 Policies.
LDAP User Groups are not deleted if they are configured in any Access Rules, App Control Rules, or other policies.
- When you disable LDAP User Group Mirroring, the mirrored user groups on the SonicWall network security appliance are not deleted. They are changed so you can delete them manually. Local mirrored user groups can be re-enabled if they have not been deleted manually.
- When the system creates a mirrored group on the SonicWall network security appliance, and the name of the mirrored group matches the name of an already existing, user-created (non-mirrored) local group, the local group is not replaced. The local group memberships are updated to reflect the group settings that are configured on the LDAP server.
- If the system finds a user group on the LDAP server with a name that is the same as one of the default user groups on the SonicWall Security Appliance, no mirrored user group is created on the SonicWall Security Appliance. The memberships in the default user group are updated to reflect the group settings that are configured on the LDAP server.
- For groups created before SonicOS 6.2, if a local user group exists on the SonicWall network security appliance with a simple name only (no domain) and that name matches the name of a user group on the LDAP server (which includes a domain), a new local user group is created on the SonicWall network security appliance and is given the same domain as the corresponding user group on the LDAP server. The original local user group is retained with no domain. Users of the original group are given memberships in the LDAP group, the new local mirrored group, and the original local group (with no domain).
Was This Article Helpful?
Help us to improve our support portal