Authentication servers

To configure the FortiGate unit for LDAP authentication – web-based manager:

1. Go to User & Device > Authentication > LDAP Servers and select Create New.

2. Enter a Name for the LDAP server.

3. In Server Name/IP enter the server’s FQDN or IP address.

4. If necessary, change the Server Port number. The default is port 389, which carries LDAP in cleartext, including the bind password and every user password the FortiGate checks. For LDAPS the usual port is 636, used together with the Secure Connection option.

5. Enter the Common Name Identifier (20 characters maximum). This is the attribute the FortiGate matches the login name against. cn is the default, and is used by most LDAP servers; for Microsoft Active Directory, sAMAccountName is normally used instead, since cn there holds the display name rather than the logon name.

6. In the Distinguished Name field, enter the base distinguished name for the server using the correct X.500 or LDAP format, for example dc=example,dc=com or ou=People,dc=example,dc=com. Searches for users start at this point in the tree, so it must be at or above the containers that hold the accounts.

The FortiGate unit passes this distinguished name unchanged to the server. The maximum number of characters is 512.

If you don’t know the distinguished name, leave the field blank and select the Query icon to the right of the field. See Using the Query icon.

7. In Bind Type, select Regular. With a Regular bind the FortiGate first binds with the account given in the next two steps to look up the user’s DN, then binds again as that user with the password the user supplied.

8. In User DN, enter the distinguished name of the LDAP account the FortiGate binds with (the handbook calls this the LDAP administrator). A dedicated account with read-only rights to the user subtree is sufficient and is preferable to a directory administrator, since its credentials are stored on the FortiGate and presented to the server on every lookup.

9. In Password, enter that account’s password.

10. Select OK.


To verify that your Distinguished Name field is correct, select the Test button. If your DN field entry is valid, you will see the part of the LDAP database it defines. If your DN field entry is not valid, the FortiGate displays an error message and returns no information.
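The same server definition entered from the CLI, as an added example that is not part of the handbook text. The server name, base DN, bind account, certificate name and password placeholder are assumptions. Unlike the walkthrough above, it uses LDAPS on port 636 with the server’s CA certificate instead of the cleartext port 389 default, so the bind credentials and user passwords are not observable on the wire:

```text
config user ldap
    edit "ldap-corp"
        set server "ldap.example.com"          # assumed FQDN; must match the certificate
        set port 636                           # LDAPS instead of the cleartext 389 default
        set secure ldaps                       # or "starttls" to upgrade a port 389 session
        set ca-cert "CA_Cert_1"                # assumed name of the imported issuing CA
        set cnid "sAMAccountName"              # "cn" for most non-AD directories
        set dn "dc=example,dc=com"             # assumed base DN; passed to the server unchanged
        set type regular                       # Regular bind: search with a service account
        set username "cn=fortigate-bind,ou=Service Accounts,dc=example,dc=com"   # assumed read-only bind account
        set password "<bind-password>"         # placeholder, not a real secret
    next
end
```

Once the entry exists, a full bind-and-search round trip for one user can be run from the CLI with diagnose test authserver ldap ldap-corp <username> <password>; it reports whether the bind with the service account succeeded, whether the user was found under the base DN, and whether the user’s own password was accepted. Before touching the FortiGate at all, the base DN and bind account can be checked from any workstation with ldapsearch against ldaps://ldap.example.com using the same bind DN (-D), base (-b) and a filter on the Common Name Identifier attribute; if that search returns no entries, the FortiGate configuration will not work either.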

For detailed information about configuration options for LDAP servers, see the Online Help on your FortiGate unit or the FortiGate CLI Reference.

This entry was posted in FortiOS 5.4 Handbook.

About Mike

Michael Pruett, CISSP, has a wide range of cyber-security and network engineering expertise. The plethora of vendors that resell hardware but have zero engineering knowledge, resulting in the wrong hardware or configuration being deployed, is a major pet peeve of Michael's. This site was started in an effort to spread information while providing the option of quality consulting services at a much lower price than Fortinet Professional Services. He owns PacketLlama.Com (Fortinet Hardware Sales) and Office Of The CISO, LLC (a cybersecurity consulting firm).
