To configure the FortiGate unit for LDAP authentication – web-based manager:
1. Go to User & Device > Authentication > LDAP Servers and select Create New.
2. Enter a Name for the LDAP server.
3. In Server Name/IP enter the server’s FQDN or IP address.
4. If necessary, change the Server Port number. The default is port 389.
5. Enter the Common Name Identifier (20 characters maximum).
cn is the default, and is used by most LDAP servers.
6. In the Distinguished Name field, enter the base distinguished name for the server using the correct X.500 or LDAP format.
The FortiGate unit passes this distinguished name unchanged to the server. The maximum number of characters is 512.
If you don’t know the distinguished name, leave the field blank and select the Query icon to the right of the field. See Using the Query icon on page 461.
7. In Bind Type, select Regular.
8. In User DN, enter the LDAP administrator’s distinguished name.
9. In Password, enter the LDAP administrator’s password.
10. Select OK.
To verify that your Distinguished Name field is correct, you can select the Test button. If your DN field entry is valid, you will see the part of the LDAP database it defines. If your DN field entry is not valid, it will display an error message and return no information.
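The same LDAP server definition entered through the FortiGate CLI, as an added example that is not part of the original page; the server name, host address, base DN, bind account and passwords are placeholders to be replaced with your own values.

```text
# Added example (not from the page): CLI equivalent of the web-based manager steps above.
# All quoted values and <...> tokens are placeholders.
config user ldap
    edit "ldap-server-1"                                       # step 2: Name
        set server "ldap.example.com"                          # step 3: Server Name/IP
        set port 389                                           # step 4: default port
        set cnid "cn"                                          # step 5: Common Name Identifier
        set dn "dc=example,dc=com"                             # step 6: base DN, passed unchanged
        set type regular                                       # step 7: Bind Type = Regular
        set username "cn=fgt-bind,ou=service,dc=example,dc=com" # step 8: User DN used for the bind
        set password <bind-password>                           # step 9: password of that account
    next
end

# CLI counterpart of the Test button: bind to the server defined above and look up one user.
diagnose test authserver ldap "ldap-server-1" <test-username> <test-password>
```

With a Regular bind the User DN and its password are sent to the server on every lookup, so the bind account should have read-only rights to the subtree under the base DN rather than full directory administration; FortiOS also offers `set secure ldaps` with `set port 636` under `config user ldap`, which is not among the steps above, to protect those credentials in transit.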
For detailed information about configuration options for LDAP servers, see the Online Help on your FortiGate unit or the FortiGate CLI Reference.