03/26/2020
SSL-VPN: LDAP Users from Sub-OUs (organizational units) cannot authenticate
Introduction:
SonicWall SSL-VPN appliances can use an LDAP-capable server for authentication. In the LDAP Domain configuration on the SSL-VPN, alongside the Domain Name and Server address, the LDAP BaseDNs for the OUs need to be configured.
An LDAP server may require Admin Privileges to allow recursive OU lookup. In that case, filling in only the Base OUs will not grant access to users located in Sub OUs.
Resolution:
When users located in Sub OUs cannot authenticate, the SonicWall SSL-VPN offers the option to provide a Login Username and Password for binding to the LDAP server. If this user is granted Administrator privileges, the SonicWall SSL-VPN is able to do recursive lookups in Sub OUs.