Creating an internal LDAP

This type of directory is hosted by your Stormshield Network multi-function firewall, and your information is stored in it once the LDAP directory is created.

Step 1: Selecting the directory

As indicated above, the LDAP database option has to be selected in order to confirm your choice. This is the first step in the configuration of a directory.

Select the option Connect to an internal LDAP directory and click on Next.

Step 2: Accessing the directory

In this second step, you will need to enter general information concerning the LDAP database that you wish to create. The information entered here will reappear in your firewall’s LDAP directory schema. The name of your directory will be automatically created based on the value of the Organization and Domain fields.

Organization: the name of your company (e.g. mycompany).
Domain: the extension of your domain name (e.g. fr, eu, org, com, etc.).
Password: the password for LDAP administration.
Confirm password: confirmation of the LDAP administration password that you have just entered in the previous field.
Password strength: this progress bar indicates your password’s level of security: “Very Weak”, “Weak”, “Medium”, “Good” or “Excellent”. You are strongly advised to use uppercase letters and special characters.
Password hash: the hashing method used to store user passwords. SSHA256 is recommended.

NOTE
Only the password and hash method can be modified later, after you have configured your internal LDAP.

Click on Finish to display the internal LDAP directory screen.

Internal LDAP directory screen

Once the configuration of the LDAP directory is complete, you will arrive at the internal LDAP screen which sets out the following items:

Configuration

Enable user directory: starts the LDAP service. If this option is not selected, the module is inactive.
Organization: the name of your company, entered earlier.
Domain: your company’s domain.
Login: the login used to connect to the internal LDAP base.
Password: the password allowing the firewall to connect to the directory. This password can be modified.
Confirm password: confirmation of the LDAP administration password that you have just entered in the previous field.
Password strength: this field indicates your password’s level of security: “Very Weak”, “Weak”, “Medium”, “Good” or “Excellent”. You are strongly advised to use uppercase letters and special characters.
Password hash: the hashing method used to store user passwords. SSHA256 is recommended.

Access to the internal LDAP

Enable unencrypted access (PLAIN): data exchanged with the directory is not encrypted and travels in plaintext.
Enable SSL access (SSL certificate presented by the server): to set up SSL access, you will need to select a server certificate already generated by your root CA, or an imported certificate.

An icon next to a certificate indicates that its private key is TPM-protected. For more information on the TPM, see the section Trusted Platform Module.

Advanced properties

Use the firewall account to check user authentication on the directory: when this option is selected, the firewall intercepts the authentication request and submits it using the account that holds all privileges on the directory: cn=NetasqAdmin. If it is not selected, the request is submitted directly to the directory.
Allow nested groups: allows you to create groups inside other user groups.
Password hash: the hashing method used to store user passwords. SSHA256 is recommended.
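As an added example (not Stormshield's own code), the following Python shows what the SSHA256 method selected in Step 2 and under Advanced properties does with a stored user password: a random salt is hashed together with the password and kept beside the digest, so identical passwords yield different stored values and a copied directory entry cannot be reversed or matched against a precomputed table. It assumes the common {SSHA256} userPassword encoding used by OpenLDAP's pw-sha2 module; the firewall's exact storage format is not stated on this page.

```python
import base64
import hashlib
import hmac
import os
from typing import Optional

SCHEME = "{SSHA256}"                       # assumed label; the page only names the method "SSHA256"
DIGEST_LEN = hashlib.sha256().digest_size  # 32 bytes


def ssha256_hash(password: str, salt: Optional[bytes] = None) -> str:
    """Build a salted SHA-256 userPassword value: base64(sha256(pw || salt) || salt).

    A fresh random salt is drawn for every call unless one is supplied (for tests only).
    """
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.sha256(password.encode("utf-8") + salt).digest()
    return SCHEME + base64.b64encode(digest + salt).decode("ascii")


def ssha256_verify(password: str, stored: str) -> bool:
    """Check a candidate password against a stored {SSHA256} value.

    Malformed values are rejected instead of raising, and the digest comparison is
    constant-time so the check reveals nothing about how many bytes matched.
    """
    if not stored.startswith(SCHEME):
        return False
    try:
        raw = base64.b64decode(stored[len(SCHEME):], validate=True)
    except ValueError:              # binascii.Error is a ValueError subclass
        return False
    if len(raw) <= DIGEST_LEN:      # need the digest plus at least one salt byte
        return False
    digest, salt = raw[:DIGEST_LEN], raw[DIGEST_LEN:]
    candidate = hashlib.sha256(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(candidate, digest)


if __name__ == "__main__":
    # Constructed sample password; its two hashes differ because the salts differ.
    pw = "Firew4ll!Adm1n"
    first, second = ssha256_hash(pw), ssha256_hash(pw)
    print(first, second, sep="\n")
    print("both verify:", ssha256_verify(pw, first) and ssha256_verify(pw, second))
    print("wrong password rejected:", not ssha256_verify("firewall", first))
```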