Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • +1 person also asked this people also asked this
  • Locked Locked
  • Replies 4 replies
  • Subscribers 3 subscribers
  • Views 3496 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

dynamic groups LDAP authentication

danielosser_01
Hi.

We're setting up user authentication via LDAP backend server to SSL VPN and want to limit login to specific backend group memberships ("Limit to backend group(s) membership").
We have set up the LDAP backend server and authentication test works fine.

When setting up the group (in ASG) we want dynamic membership (based on LDAP auth) to limit users we want to use "Check an LDAP attribute".

No matter what attribute and value we try users are not included in the group, and thus auth based on group doesn't work.

Is this a bug or are we missing some critical info here?

ASG 220
Firmware version: 9.101-12
OpenLDAP (SLES)

Thanks for any answer in advance.

Best regards,

Daniel


This thread was automatically locked due to age.
Parents
  • 0
    Rethinking this...  First, read https://community.sophos.com/products/unified-threat-management/astaroorg/f/53/t/33577. However, I don't think it's possible to do prefetch of LDAP users on the 'Advanced' tab of 'Authentication Servers' - I'd be glad to learn that this works today as I thought it did four years ago.  I think you need to enable automatic sync for the User Portal so that the User object and associated certificate are created when a user logs in to download the SSL VPN configuration.   

    Cheers - Bob  

    Sorry for any short responses.  Posted from my iPhone.
Reply
  • 0
    Rethinking this...  First, read https://community.sophos.com/products/unified-threat-management/astaroorg/f/53/t/33577. However, I don't think it's possible to do prefetch of LDAP users on the 'Advanced' tab of 'Authentication Servers' - I'd be glad to learn that this works today as I thought it did four years ago.  I think you need to enable automatic sync for the User Portal so that the User object and associated certificate are created when a user logs in to download the SSL VPN configuration.   

    Cheers - Bob  

    Sorry for any short responses.  Posted from my iPhone.
Children
No Data