User Management
SonicOS Enhanced 4.0 Administrator Guide
• User group membership attribute – Select the attribute that contains information about
the groups to which the user object belongs. This is memberOf in Microsoft Active
Directory. The other pre-defined schemas store group membership information in the group
object rather than the user object, and therefore do not use this field.
• Framed IP address attribute – Select the attribute that can be used to retrieve a static IP
address that is assigned to a user in the directory. Currently it is only used for a user
connecting via L2TP with the SonicWALL’s L2TP server. In the future this may also be
supported for Global VPN Client. In Active Directory the static IP address is configured on
the Dial-in tab of a user’s properties.
Step 7 On the Directory tab, configure the following fields:
• Primary Domain – The user domain used by your LDAP implementation. For AD, this will
be the Active Directory domain name, e.g. yourADdomain.com. Changes to this field will,
optionally, automatically update the tree information in the rest of the page. This is set to
mydomain.com by default for all schemas except Novell eDirectory, for which it is set to
o=mydomain.
• User tree for login to server – The tree in which the user specified in the Settings tab
resides. For example, in Active Directory the ‘administrator’ account’s default tree is the
same as the user tree.
• Trees containing users – The trees where users commonly reside in the LDAP directory.
One default value is provided which can be edited, and up to a total of 64 DN values may
be provided. The SonicWALL will search the directory using them all until a match is found,
or the list is exhausted. If you have created other user containers within your LDAP or AD
directory, you should specify them here.
• Trees containing user groups – Same as above, only with regard to user group
containers, and a maximum of 32 DN values may be provided. These are only applicable
when there is no user group membership attribute in the schema's user object, and are not
used with AD.
All the above trees are normally given in URL format but can alternatively be specified as
distinguished names (e.g. “myDom.com/Sales/Users” could alternatively be given as the DN
“ou=Users,ou=Sales,dc=myDom,dc=com”). The latter form will be necessary if the DN
does not conform to the normal formatting rules as per that example. In Active Directory the
URL corresponding to the distinguished name for a tree is displayed on the Object tab in
the properties of the container at the top of the tree.
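The following added example (not part of the SonicWALL guide or SonicOS) converts between the two tree notations described above and reports which trees can only be entered as DNs. The mapping rule (domain labels become dc= components, path segments become ou= components in reverse order) is an assumption inferred from the guide's single example, and the function names are hypothetical.

```python
import re

# Assumed "normal" rule, inferred from the guide's one example:
#   myDom.com/Sales/Users  <->  ou=Users,ou=Sales,dc=myDom,dc=com
DN_SPECIALS = set(',+"\\<>;=/')

def url_to_dn(tree):
    """URL-format tree -> DN under the assumed rule (dc= labels, ou= containers)."""
    domain, _, path = tree.strip().strip("/").partition("/")
    labels = [p for p in domain.split(".") if p]
    containers = [p for p in path.split("/") if p]
    if not labels:
        raise ValueError(f"no domain part in {tree!r}")
    if any(DN_SPECIALS & set(p) for p in labels + containers):
        raise ValueError(f"{tree!r} needs DN escaping; enter it as a DN")
    return ",".join([f"ou={c}" for c in reversed(containers)] +
                    [f"dc={l}" for l in labels])

def dn_to_url(dn):
    """DN -> URL form, or None when only the DN form can express it."""
    ous, dcs = [], []
    for rdn in re.split(r"(?<!\\),", dn):
        attr, sep, value = (s.strip() for s in rdn.partition("="))
        if not sep or not value or DN_SPECIALS & set(value):
            return None                  # escaped, multi-valued or malformed RDN
        if attr.lower() == "ou" and not dcs:
            ous.append(value)
        elif attr.lower() == "dc" and "." not in value:
            dcs.append(value)
        else:
            return None                  # cn=, o=, or an ou= above a dc=
    return "/".join([".".join(dcs)] + ous[::-1]) if dcs else None

def tree_entries(dns, limit):
    """Value to enter for each tree; limit is 64 (users) or 32 (user groups)."""
    if len(dns) > limit:
        raise ValueError(f"{len(dns)} trees exceeds the limit of {limit}")
    return [dn_to_url(dn) or dn for dn in dns]

if __name__ == "__main__":
    # Constructed sample trees: the guide's example, an AD-style cn= container,
    # and the eDirectory default the guide mentions.
    sample = ["ou=Users,ou=Sales,dc=myDom,dc=com",
              "cn=Users,dc=myDom,dc=com",
              "o=mydomain"]
    for dn, entry in zip(sample, tree_entries(sample, 64)):
        print(f"{dn:40} -> {entry}")
```

Trees for which `dn_to_url` returns None, such as a cn= container, are the ones that do not follow the example's pattern and therefore have to be entered in DN form.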