Using LDAP authentication
When you use LDAP authentication, the external directory server where user accounts are stored verifies the user credentials.
When users authenticate to the Secure SD-WAN Engine, the Secure SD-WAN Engine sends the user name and password to the external directory server for authentication. The external directory server checks the user name and password against the user’s credentials in the directory, then responds to the Secure SD-WAN Engine whether authentication succeeds or fails.
Note: Because the user name and password are sent through the LDAP connection, we recommend using LDAPS or Start TLS when you use LDAP
Authentication.
You can use LDAP authentication with the following features:
- IPsec and SSL tunnels in mobile VPNs
- The SSL VPN Portal
- Browser-based user authentication.
LDAP authentication has the following limitations:
- You cannot use LDAP authentication for users stored in the Management Server’s internal LDAP user database.
- LDAP authentication is not supported for the WPA enterprise security mode on SSID Interfaces. Note: WPA enterprise security mode always requires an external RADIUS server that has EAP support.