Configuring the LDAP server

Create an LDAP entry for remote lookup of computers with the username attribute as dNSHostName.

To configure the remote LDAP server on FortiAuthenticator:
  1. In FortiAuthenticator, go to Authentication > Remote Auth. Servers > LDAP, and click Create New.
  2. Under Create New LDAP Server, set the following:
    1. Name: Enter the server name, for example: AD_Computers.
    2. Primary server name/IP: Enter the LDAP server name, for example: dc01.wl-cse.net using Port 636.
    3. Base distinguished name: Enter the base distinguished name, for example: DC=wl-cse,DC=net.
    4. Bind type: Regular.
      Enter the username and password for your LDAP user.
  3. Under Query Elements, set the following:
    1. User object class: computer.
    2. Username attribute: dNSHostName.
    3. Group object class: group.
    4. Obtain group memberships from: Group attribute.
    5. Group membership attribute: memberOf.
  4. Enable Secure Connection, and set the following:
    1. Protocol: LDAPS.
    2. CA certificate: Select the CA certificate you previously configured.
  5. Click OK.
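
To check the same lookup from a workstation before relying on it, the following added example (not part of the Fortinet documentation) runs an equivalent search with OpenLDAP's `ldapsearch` over LDAPS, using the example server and base DN from the steps above. The exact filter FortiAuthenticator sends is an assumption here, and the function names, bind DN and CA file path are hypothetical.

```shell
#!/bin/sh
# Added example: reproduce the computer lookup configured above with ldapsearch.
# Assumption: the search combines the "User object class" and "Username
# attribute" settings into (&(objectClass=computer)(dNSHostName=<host>)).

# Escape a value for use inside an LDAP search filter (RFC 4515), so a
# host name containing *, ( or ) cannot change the meaning of the filter.
ldap_escape() {
  printf '%s' "$1" | sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' \
                         -e 's/(/\\28/g' -e 's/)/\\29/g'
}

# Build the filter matching the Query Elements settings.
computer_filter() {
  printf '(&(objectClass=computer)(dNSHostName=%s))' "$(ldap_escape "$1")"
}

# Run the lookup over LDAPS with certificate validation enforced.
#   $1 = computer FQDN to look up
#   $2 = bind DN of the LDAP user (hypothetical service account)
#   $3 = path to the CA certificate that issued the DC's LDAPS certificate
lookup_computer() {
  LDAPTLS_CACERT="$3" LDAPTLS_REQCERT=demand ldapsearch -x \
    -H "ldaps://dc01.wl-cse.net:636" \
    -D "$2" -W \
    -b "DC=wl-cse,DC=net" -s sub \
    "$(computer_filter "$1")" dNSHostName memberOf
}

# Usage (prompts for the bind password; values below are placeholders):
#   lookup_computer pc01.wl-cse.net \
#     "CN=svc-ldap,CN=Users,DC=wl-cse,DC=net" /path/to/ca.pem
```

A successful run returns one entry with `dNSHostName` and its `memberOf` values; a TLS error at this stage points to the CA certificate rather than the bind credentials.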
