Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • Administration Guide

    Home FortiAuthenticator 6.6.1 Administration Guide
    6.6.1
    6.6.2
    6.6.1
    6.6.0
    6.5.5
    6.5.4
    6.5.3
    6.5.2
    6.5.1
    6.5.0
    6.4.10
    6.4.9
    6.4.8
    6.4.7
    6.4.6
    6.4.5
    6.4.4
    6.4.3
    6.4.2
    6.4.1
    6.4.0
    6.3.4
    6.3.3
    6.3.2
    6.3.1
    6.3.0
    6.2.2
    6.2.1
    6.2.0
    6.1.3
    6.1.2
    6.1.1
    6.1.0
    6.0.8
    6.0.7
    6.0.6
    6.0.5
    6.0.4
    6.0.3
    6.0.2
    6.0.1
    6.0.0
    5.5.0
    5.4.0
    5.3.0
    5.2.0
    5.1.0
    5.0.0
    4.3.0
    4.2.1
    4.2.0

    Configuring a FortiGate unit for FortiAuthenticator LDAP

    Configuring a FortiGate unit for FortiAuthenticator LDAP

    When you have defined the FortiAuthenticator LDAP tree, you can configure FortiGate units to access the FortiAuthenticator as an LDAP server and authenticate users.

    To configure the FortiGate unit for LDAP authentication:
    1. On the FortiGate unit, go to User & Device > LDAP Servers and select Create New.
    2. Enter the following information:
      NameEnter a name to identify the FortiAuthenticator LDAP server on the FortiGate unit.
      Server IP/NameEnter the IP address FQDN of FortiAuthenticator.
      Server PortLeave at default (389).
      Common Name IdentifierEnter uid, the user ID.
      Distinguished NameEnter the LDAP node where the user account entries can be found. For example, ou=People,dc=example,dc=com
      Bind Type

      The FortiGate unit can be configured to use one of three types of binding:

      • Simple: Bind using a simple password authentication without a search.
      • Anonymous: Bind using anonymous user search.
      • Regular: Bind using username/password and then search.

      You can use simple authentication if the user records all fall under one distinguished name (DN). If the users are under more than one DN, use the anonymous or regular type, which can search the entire LDAP database for the required username.

      If your LDAP server requires authentication to perform searches, use the regular type and provide the Username and Password.

      Secure ConnectionIf you select Secure Connection, you must select LDAPS or STARTTLS protocol and the CA security certificate that verifies the FortiAuthenticator device's identity. If you select LDAPS protocol, the Server Port will change to 636.
    3. Optionally, use the Test Connectivity and Test User Credentials features. Select OK to apply your settings.
    4. Add the LDAP server to a user group. Specify that user group in identity-based security policies where you require authentication.
    Previous
    Next

    Configuring a FortiGate unit for FortiAuthenticator LDAP

    Configuring a FortiGate unit for FortiAuthenticator LDAP

    When you have defined the FortiAuthenticator LDAP tree, you can configure FortiGate units to access the FortiAuthenticator as an LDAP server and authenticate users.

    To configure the FortiGate unit for LDAP authentication:
    1. On the FortiGate unit, go to User & Device > LDAP Servers and select Create New.
    2. Enter the following information:
      NameEnter a name to identify the FortiAuthenticator LDAP server on the FortiGate unit.
      Server IP/NameEnter the IP address FQDN of FortiAuthenticator.
      Server PortLeave at default (389).
      Common Name IdentifierEnter uid, the user ID.
      Distinguished NameEnter the LDAP node where the user account entries can be found. For example, ou=People,dc=example,dc=com
      Bind Type

      The FortiGate unit can be configured to use one of three types of binding:

      • Simple: Bind using a simple password authentication without a search.
      • Anonymous: Bind using anonymous user search.
      • Regular: Bind using username/password and then search.

      You can use simple authentication if the user records all fall under one distinguished name (DN). If the users are under more than one DN, use the anonymous or regular type, which can search the entire LDAP database for the required username.

      If your LDAP server requires authentication to perform searches, use the regular type and provide the Username and Password.

      Secure ConnectionIf you select Secure Connection, you must select LDAPS or STARTTLS protocol and the CA security certificate that verifies the FortiAuthenticator device's identity. If you select LDAPS protocol, the Server Port will change to 636.
    3. Optionally, use the Test Connectivity and Test User Credentials features. Select OK to apply your settings.
    4. Add the LDAP server to a user group. Specify that user group in identity-based security policies where you require authentication.
    Previous
    Next