Configure LDAP Authentication

You can use LDAP to authenticate end users who access applications or services through Captive Portal and authenticate firewall or Panorama administrators who access the web interface.
You can also connect to an LDAP server to define policy rules based on user groups. For details, see Map Users to Groups.
  1. Add an LDAP server profile.
    The profile defines how the firewall connects to the LDAP server.
    1. Select Device > Server Profiles > LDAP and Add a server profile.
    2. Enter a Profile Name to identify the server profile.
    3. Add the LDAP servers (up to four). For each server, enter a Name (to identify the server), LDAP Server IP address or FQDN, and server Port (default 389).
      If you use an FQDN address object to identify the server and you subsequently change the address, you must commit the change for the new server address to take effect.
    4. Select the server Type.
    5. Enter the Bind Timeout and Search Timeout in seconds (default is 30 for both).
    6. Click OK to save the server profile.
  2. Assign the server profile to an authentication profile to define various authentication settings. For details, see Configure an Authentication Profile and Sequence.
  3. Assign the authentication profile to the firewall application that requires authentication.
  4. Verify that the firewall can connect to the LDAP server to authenticate users. For details, see Test Authentication Server Connectivity.
