SonicOS 7.0 Users
- SonicOS 7.0 Users
- About User Management
- Using Local Users and Groups for Authentication
- Using RADIUS for Authentication
- Using LDAP/Active Directory/eDirectory Authentication
- Using RADIUS
- Using TACACS+
- Using Single Sign-On
- What is Single Sign-On?
- Benefits of SonicWall SSO
- Platforms and Supported Standards
- How Does Single Sign-On Work?
- How Does SSO Agent Work?
- How Does Terminal Services Agent Work?
- How Does Browser NTLM Authentication Work?
- How Does RADIUS Accounting for Single-Sign-On Work?
- Installing the Single Sign-On Agent and/or Terminal Services Agent
- Single Sign-On Advanced Features
- Configuring Access Rules
- Managing SonicOS with HTTP Login from a Terminal Server
- Viewing and Managing SSO User Sessions
- Multiple Administrator Support
- Configuring Users Status
- Configuring User Settings
- User Login Settings
- Setting the Authentication Method for Login
- Configuring RADIUS Authentication
- Configuring LDAP
- Configuring TACACS+
- Requiring User Names be Treated as Case-Sensitive
- Preventing Users From Logging in from More than One Location
- Forcing Users to Log In Immediately After Changing Their Passwords
- Displaying User Login Information Since the Last Login
- Setting the Single-Sign-On Methods
- One-Time Password Settings
- Configuring the User Web Login Settings
- Adding URLs to Authentication Bypass
- User Session Settings
- Accounting
- [[[Missing Linked File System.LinkedTitle]]]
- User Login Settings
- Configuring and Managing Partitions
- Configuring Local Users and Groups
- Configuring Guest Services
- Configuring Guest Accounts
- Managing Guest Status
- SonicWall Support
Capturing LDAP Over TLS Messages
To capture decrypted LDAP over TLS (LDAPS) packets
- Navigate to Tools > Packet Monitor.
- In the Hex Dump section, click Configure. The Packet Monitor Configuration dialog displays.
- Click Advanced Monitor Filter.
- Select Monitor intermediate Packets.
- Select Monitor intermediate decrypted LDAP over TLS packets.
- Click OK.
The packets are marked with (ldp) in the ingress/egress interface field. They have dummy Ethernet, TCP, and IP headers, so some values in these fields might not be correct. The LDAP server port is set to 389 so that an external capture analysis program (such as Wireshark) knows to decode these packets as LDAP. Passwords in captured LDAP bind requests are obfuscated. The LDAP messages are not decoded in the Packet Monitor display, but the capture can be exported and displayed in WireShark to view them decoded.
This enables decrypted LDAPS packets to be fed to the packet monitor, but any monitor filters are still applied to them.
LDAPS capture only works for connections from the firewall’s LDAP client, and does not display LDAP over TLS connections from an external LDAP client that pass through the firewall.
Was This Article Helpful?
Help us to improve our support portal