What does "Allow LDAP referrals:" mean on LDAP configuration page?
03/26/2020
DESCRIPTION: What does "Allow LDAP referrals:" mean on LDAP configuration page?
In organizations with multiple LDAP servers, you may need the SonicWall Email Security server to query all of them. When this box is checked, it queries all the LDAP servers available in your organization.
However, this can be very slow: referrals can take 20 seconds or longer. This delay occurs during administrator or user login to SonicWall Email Security. You can find this setting under Manage | Server | LDAP Configuration. Select the LDAP server, then "Allow LDAP referrals" under LDAP server configuration.
If you only have one LDAP server in your organization, you may want to leave this option unchecked to speed up user logins.
If you have two or more LDAP servers but they all share the same information (replicated users and groups), you can also turn off LDAP referrals.
Multiple LDAP configuration is supported in version 7.0.0 and higher, and it is faster than querying with referrals checked.
LDAP referrals and continuation references can simplify configuration, but using them can also lead to performance issues. They can be used by the SonicWall in the following ways:
It is necessary to use referrals any time that user information is located on an LDAP server other than the configured primary one.
Individual directory trees can be manually configured to span multiple LDAP servers, and that requires the use of continuation references during authentication.
During auto-configuration of the directory, continuation references can allow the trees to be read from multiple LDAP servers in a single operation.
With single-sign-on, the LDAP directory is searched for domain entries corresponding to the domains that users are logged into. For this to work with users in multiple sub-domains having separate LDAP servers, continuation references must be used here.