Configure LDAP Authentication

You can use LDAP to authenticate end users who access applications or services through Captive Portal and authenticate firewall or Panorama administrators who access the web interface.
You can also connect to an LDAP server to define policy rules based on user groups. For details, see Map Users to Groups.
  1. Add an LDAP server profile.
    The profile defines how the firewall connects to the LDAP server.
    1. Select Device > Server Profiles > LDAP and Add a server profile.
    2. Enter a Profile Name to identify the server profile.
    3. Add the LDAP servers (up to four). For each server, enter a Name (to identify the server), LDAP Server IP address or FQDN, and server Port (default 389).
      If you use an FQDN address object to identify the server and you subsequently change the address, you must commit the change for the new server address to take effect.
    4. Select the server Type.
    5. Enter the Bind Timeout and Search Timeout in seconds (default is 30 for both).
    6. Click OK to save the server profile.
  2. Assign the server profile to an authentication profile to define various authentication settings. For details, see Configure an Authentication Profile and Sequence.
  3. Assign the authentication profile to the firewall application that requires authentication.
  4. Verify that the firewall can connect to the LDAP server to authenticate users. For details, see Test Authentication Server Connectivity.
