Hi all
This was asked previously in https://community.sophos.com/sophos-xg-firewall/f/discussions/119909/sophos-xg-user-authentication-with-g-suite-ldap, but it looked like the thread went dead without ever getting a conclusive answer.
I've utilised the guides at https://community.sophos.com/kb/en-us/123163 and https://support.google.com/a/answer/9048516?hl=en but I'm still no further forward with this.
I'm trying to set up LDAP authentication on SFOS 18.0.4 to ldap.google.com for a Google Workspace setup. The LDAP application in Google Workspace admin generates a self-signed cert issued to 'LDAP Client' and issued by 'LDAP Client', which, being self-signed, doesn't have any CA chain. The LDAP application in Google also isn't able to import any other certificates that could be used in its place (i.e. self-signed from the Sophos or a commercially-issued certificate).
As the cert (in PEM format) is self-signed without any corresponding passphrase (just the key file), I've tried various options, including successfully importing it into Windows, marked as exportable, as both a trusted root CA and a certificate, where it still shows the cert as standalone and doesn't form any kind of chain. This certificate is importable on the XG in the same way as the original cert and private key would have been, but as it doesn't have any validated chain, the Sophos won't allow me to use it.
I've tried Sophos support and Google Workspace support, and just banged my head against a brick wall - they've not been able to provide me with any new insights over and above what I've already researched.
My question is, has anyone managed to successfully get this working, and if so, how did you do it?
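The post describes a client certificate that is self-signed and has no chain behind it. As an added example (not from the post or from Sophos/Google), the shell functions below use openssl to confirm exactly that before a firewall import is attempted: that the cert's issuer is its own subject, that the downloaded key actually pairs with the cert, and (network step, not run here) that the pair completes a TLS handshake to ldap.google.com:636. The file names are placeholders and `make_demo_pair` builds a constructed throwaway cert so the checks can be exercised offline.

```shell
#!/bin/sh
# Assumes openssl is on PATH. Certificate and key paths are caller-supplied.

# Return 0 when the certificate's issuer equals its subject, i.e. it is
# self-signed and there is no separate CA certificate that could form a chain.
is_self_signed() {
  cert="$1"
  subj=$(openssl x509 -in "$cert" -noout -subject | sed 's/^subject=//')
  iss=$(openssl x509 -in "$cert" -noout -issuer | sed 's/^issuer=//')
  [ -n "$subj" ] && [ "$subj" = "$iss" ]
}

# Return 0 when the private key carries the same public key as the
# certificate, ruling out a mismatched cert/key pair as the import problem.
key_matches_cert() {
  cert="$1"; key="$2"
  c=$(openssl x509 -in "$cert" -noout -pubkey)
  k=$(openssl pkey -in "$key" -pubout)
  [ -n "$c" ] && [ "$c" = "$k" ]
}

# Open a TLS session to the Secure LDAP endpoint with the client cert, so a
# handshake failure can be told apart from a firewall-side import failure.
# Needs network access; exit status is openssl's (0 = handshake completed).
test_ldap_tls() {
  cert="$1"; key="$2"
  openssl s_client -connect ldap.google.com:636 -servername ldap.google.com \
    -cert "$cert" -key "$key" </dev/null >/dev/null 2>&1
}

# Constructed sample data: a throwaway self-signed pair with the same subject
# shape as the Google-issued one ("LDAP Client"), written into directory $1.
make_demo_pair() {
  dir="$1"
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=LDAP Client" \
    -keyout "$dir/ldap-client.key" -out "$dir/ldap-client.crt" >/dev/null 2>&1
}
```

Run as `. ./check.sh; make_demo_pair /tmp/demo && is_self_signed /tmp/demo/ldap-client.crt && echo self-signed` to see the checks against the constructed pair; point the functions at the real files from the Google admin console for the actual check.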