Sophos XG 17 authentication OpenLDAP

Hi,

When configuring authentication in Sophos XG to use OpenLDAP, we found a weird behavior.

The UTM combines the bind-dn with the base-dn and sends the result as the bind-dn to the LDAP server along with the password, for example:

if bind-dn = "cn=Directory Manager" and the base-dn = "ou=people,dc=example,dc=com", the bind-dn sent to the LDAP server is "cn=Directory Manager,ou=people,dc=example,dc=com", which is incorrect.

As a workaround we used the admin account like this:

bind-dn = "uid=admin", the base-dn = "ou=people,dc=example,dc=com"; the bind-dn sent to the LDAP server was "uid=admin,ou=people,dc=example,dc=com", which worked... but

The admin account does have limitations. For example, if an account is hidden in the global address list, the ldapsearch using the admin account does not return that hidden account, which means that the UTM does not see that account, which in turn means that account cannot authenticate against the proxy, for example.

Is there a way to correct this and force the UTM to just use the bind-dn given to it exactly?

Regards.
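As an added illustration (not part of the original post, and not Sophos code): a small Python helper that models the concatenation behaviour reported above and, given the real DN of a bind account, works out which value to enter in the bind-dn field so that the concatenated result equals that DN, or reports that the account lies outside the base-dn subtree and therefore cannot be used this way. Function names and the sample DNs are my own; DN matching assumes case-insensitive attribute types and values (the usual caseIgnoreMatch for cn, ou and dc).

```python
from typing import List, Optional


def split_dn(dn: str) -> List[str]:
    """Split a DN into RDN strings, honouring backslash-escaped commas (RFC 4514)."""
    parts, buf, i = [], [], 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):   # keep escape pair intact, e.g. "\,"
            buf.append(dn[i:i + 2])
            i += 2
            continue
        if ch == ",":
            parts.append("".join(buf).strip())
            buf = []
        else:
            buf.append(ch)
        i += 1
    parts.append("".join(buf).strip())
    return [p for p in parts if p]


def normalize_rdn(rdn: str) -> str:
    """Canonical form for comparison: lower-case type and value, no padding around '='.
    Assumption: caseIgnoreMatch applies to the attribute types used here."""
    attr, _, val = rdn.partition("=")
    return f"{attr.strip().lower()}={val.strip().lower()}"


def xg_effective_bind_dn(bind_dn: str, base_dn: str) -> str:
    """What the appliance actually sends, per the behaviour described in the post."""
    return f"{bind_dn},{base_dn}"


def relative_bind_dn(account_dn: str, base_dn: str) -> Optional[str]:
    """Value to type into the bind-dn field so that xg_effective_bind_dn() yields
    account_dn, or None when account_dn is not inside the base_dn subtree."""
    acct_raw = split_dn(account_dn)
    acct = [normalize_rdn(r) for r in acct_raw]
    base = [normalize_rdn(r) for r in split_dn(base_dn)]
    if len(acct) <= len(base) or acct[-len(base):] != base:
        return None
    return ",".join(acct_raw[:-len(base)])


if __name__ == "__main__":
    base = "ou=people,dc=example,dc=com"
    for account in ("cn=Directory Manager", "uid=admin,ou=people,dc=example,dc=com"):
        rel = relative_bind_dn(account, base)
        print(account, "->", rel if rel else "not under base-dn; cannot be expressed")
```

The first sample reproduces the post's failure case (the directory manager is not under the base-dn, so no bind-dn value can produce it), and the second reproduces the workaround.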
