Dell SonicWALL Secure Mobile Access 8.5Administration Guide 404Group Configuration for LDAP AuthenticationDomainsLightweight Directory Access Protocol (LDAP) is a standard for querying and updating a directory. Because LDAPsupports a multilevel hierarchy (for example, groups or organizational units), the SMA/SRA appliance can querythis information and provide specific group policies or bookmarks based on LDAP attributes. By configuring LDAPattributes, the SMA/SRA appliance administrator can leverage the groups that have already been configured inan LDAP or Active Directory database, rather than needing to manually recreate the same groups in theSMA/SRA appliance.After an LDAP authentication domain is created, a default LDAP group is created with the same name as theLDAP domain name. Although additional groups can be added or deleted from this domain, the default LDAPgroup cannot be deleted. If the user for which you created LDAP attributes enters the Virtual Office home page,the bookmark you created for the group the user is in displays in the Bookmarks Table.For an LDAP group, you can define LDAP attributes. For example, you can specify that users in an LDAP groupmust be members of a certain group or organizational unit defined on the LDAP server. Or you can specify aunique LDAP distinguished name.To add an LDAP attribute for a group so that a user has a bookmark assigned when entering theVirtual Office environment, complete the following steps:1 Navigate to the Portals > Domains page and click Add Domain to display the Add New Domainwindow.2 Select LDAP from the Authentication Type menu. The LDAP domain configuration fields are displayed.NOTE: The Microsoft Active Directory database uses an LDAP organization schema. The Active Directorydatabase might be queried using Kerberos authentication (the standard authentication type; this islabeled “Active Directory” domain authentication in the Secure Mobile Access management interface), orusing LDAP database queries. An LDAP domain configured in the Secure Mobile Access managementinterface can authenticate to an Active Directory server.