Now you can finish the LDAPS configuration using certificate-based client authentication.
- Go to Authentication > Remote Auth. Servers > LDAP > Create New, and enter the following information:
  - Enter a name.
  - For Primary server name/IP enter ldap.google.com, and set the port to
  - Enter the base distinguished name.
  - For the Username attribute, enter
  - Select the option to obtain group memberships from Group attribute.
  - Enable Secure Connection and select either LDAPS or STARTTLS as the Protocol, and select All Trusted in the Trusted CA option.
  - Enable Use Client Certificate for TLS Authentication, and select the LDAP certificate.
- Select OK.
If required, you can now import users by selecting Import users when editing the LDAP server, selecting the LDAP server from the Remote LDAP server dropdown, and clicking the Go button next to the Import users dropdown. This step is not required, but it is useful when you want to add information to the imported accounts or assign FortiTokens.