Skip to main content

Check out Interactive Visual Stories to gain hands-on experience with the SSE product features. Click here.

Skyhigh Security

Configure Settings for LDAP Authentication

Configure the settings for the LDAP authentication method by modifying the settings in the rule for authenticating a user that you have imported from the rule set library.

  1. In the imported rule, click the settings of the Authentication.Authenticate property that you have renamed to LDAP or a similar name.
    The Edit Settings window opens.
  2. Under Authentication Method, select LDAP.
    The LDAP Specific Parameters section appears next to Common Authentication Parameters.
    NOTE: You can leave the common parameters as they are, as well as the LDAP-specific parameters that are not mentioned in the following.
  3. In the LDAP server(s) to connect to list, add an entry for the LDAP server that the directory with the user information resides on.
    The syntax for an entry is as follows:

    {LDAP | LDAPS}://<IP address>[:<port number>]

    For example: LDAP://

    NOTE: LDAP is an insecure protocol, as it transmits information in clear text. We recommend using LDAPS (secure LDAP) if possible. The default LDAP port is 389 while LDAPS uses 636.
  4. Provide the administrator credentials that Web Gateway submits when trying to connect to the LDAP server.
    1. Under Credentials, type a common name and a domain controller name in LDAP style, for example:
    2. Under Password, type an administrator password.
  5. If the directory on the LDAP server is an Active Directory, deselect Allow LDAP directory to follow referrals.
  6. Provide information for the query to find the distinguished name of the user who is to be authenticated.
    1. Under Base distinguished name to user objects, specify a starting point for the query.
      The starting point is specified in LDAP style, for example:
    2. Select Map user name to DN.
      Selecting this option lets the query search for a distinguished name that the submitted user name is mapped to in the directory.
    3. Under Filter expression to locate a user object, specify a user attribute that allows the distinguished name to be found.
      Specifying this filter expression enables the search to find the entry for a user in the directory. The filter expression is the user name that the user submitted. The user name is stored in the directory as the value of an attribute that is part of the entry for a user.

      In an Active Directory, the name of the attribute that stores the user name is sAMAccountName. On Web Gateway, the user name is stored in a variable named %u.

      The filter expression must therefore be specified as follows if an Active Directory is used:


      Using this filter expression, the query will find the user entry and, consequently, try to map the user name to a distinguished name that might have been entered into the directory for a user with that user name.
  7. Click OK to close the window.
  8. Click Save Changes.

These settings enable Web Gateway to authenticate a user under the LDAP authentication method. To retrieve information stored in other attributes within a directory, additional settings are required.

  • Was this article helpful?