Creating an internal LDAP

This type of directory is hosted by your Stormshield Network multi-function firewall, and your information is stored in it once the LDAP directory is created.

Step 1: Selecting the directory

As indicated above, the LDAP database option has to be selected in order to confirm your choice. This is the first step in the configuration of a directory.

Select the option Connect to an internal LDAP directory and click on Next.

Step 2: Accessing the directory

In this second step, you will need to enter general information concerning the LDAP database that you wish to create. The information entered here will reappear in your firewall’s LDAP directory schema. The name of your directory will be automatically created based on the value of the Organization and Domain fields.

Organization Name of your company (e.g.: mycompany).
Domain The extension of your domain name (e.g.: fr, eu, org, com, etc.).
Password Defines the password for LDAP administration.
Confirm password Confirmation of the LDAP administration password that you have just entered in the previous field.
Password strength This progress bar indicates your password’s level of security: “Very Weak”, “Weak”, “Medium”, “Good” or “Excellent”.
You are strongly advised to use uppercase letters and special characters.
Password hash Algorithm that encrypts user passwords.

NOTE
Only the password and hash method can be modified later, after you have configured your internal LDAP.

Click on Finish to display the internal LDAP directory screen.

Internal LDAP directory screen

Once the configuration of the LDAP directory is complete, you will arrive at the internal LDAP screen which sets out the following items:

Configuration

Enable user directory This option allows you to start the LDAP service.
If this option is not selected, the module will be inactive.
Organization This field will contain the name of your company, entered earlier.
Domain This field will contain your company’s domain.
ID The login that will allow you to connect to the internal LDAP base.
Password The password allowing the firewall to connect to the directory.
This password can be modified.
Confirm password Confirmation of the LDAP administration password that you have just entered in the previous field.
Password strength This field indicates your password’s level of security: “Very Weak”, “Weak”, “Medium”, “Good” or “Excellent”.
You are strongly advised to use uppercase letters and special characters.

Access to the internal LDAP

Enable unencrypted access (PLAIN) Data entered will not be encrypted, but displayed in plaintext.
Enable SSL access (SSL certificate presented by the server)

In order to set up SSL access, you will need to select a certificate server already generated by your root CA, or an imported certificate.

The icon indicates certificates with a TPM-protected private key. For more information on the TPM, see the section Trusted Platform Module.

Advanced properties

Use the firewall account to check user authentication on the directory

When this option is selected, the firewall will intercept the authentication request, which is submitted using the account that holds all privileges on the directory: cn=NetasqAdmin.

If it is not selected, the request will be submitted in the directory itself.

Allow nested groups Selecting this option allows you to create groups inside other user groups.
Password hash Algorithm that encrypts user passwords.
A caption will specify whether the algorithm is obsolete.