
CLI Reference

config user ldap

Configure an LDAP user (an LDAP server entry used for user authentication).

config user ldap
  edit <name>
    set server {string}
    set source-ip {string}
    set cn-id {string}
    set dn {string}
    set type [simple | regular]
    set secure [disable | starttls | ldaps]
    set ca-cert [datasource]
    set port {integer}
    set server-identity-check [enable | disable]
  next
end
Sample syntax:
config user ldap
  edit ldap_svr
    set server 192.168.120.10
    set source-ip 
    set cn-id cn
    set dn ou=users,dc=example,dc=com
    set type simple
    set secure disable
    set port 389
  next
end
Parameters (Name, Description, Type, Size, Default):

Parameter: server
Description: Primary LDAP server, CN domain name, or IP address.
Type: string   Size: -   Default: NULL

Parameter: source-ip
Description: IP address used for communication with the LDAP server.
Type: string   Size: -   Default: 0.0.0.0

Parameter: cn-id
Description: Common name identifier for the LDAP server. The common name identifier for most LDAP servers is "cn".
Type: string   Size: -   Default: cn

Parameter: dn
Description: Distinguished name used to look up entries on the LDAP server.
Type: string   Size: -   Default: NULL

Parameter: type
Description: Authentication type for LDAP searches.
Type: option   Size: -   Default: simple
Options:
  simple   Simple password authentication without search.
  regular  Bind using username/password and then search.

Parameter: secure
Description: Method for LDAP communication.
Type: option   Size: -   Default: disable
Options:
  disable   No SSL.
  starttls  Use StartTLS.
  ldaps     Use LDAPS.

Parameter: ca-cert
Description: CA certificate name.
Note: You can directly assign the CA certificate or leave it blank. FortiBranchSASE will iterate to find the appropriate one.
Type: datasource   Size: -   Default: NULL

Parameter: port
Description: Port to be used for communication with the LDAP server.
Note: For LDAPS, the default port is 636. For LDAP/STARTTLS, the default port is 389.
Type: integer   Size: 1-65535   Default: 389

Parameter: server-identity-check
Description: Enable/disable the LDAP server identity check, which verifies the server domain name/IP address against the server certificate.
Type: option   Size: -   Default: enable
Options:
  enable   Enable LDAP server identity check.
  disable  Disable LDAP server identity check.
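The following Python script is an added example and is not part of the Fortinet reference or of the product. It parses a "config user ldap" block out of a text configuration dump, fills unset keys with the defaults from the parameter table above, shows how the "cn-id" and "dn" parameters combine into the bind DN for "type simple", and audits each entry's transport settings (a cleartext "secure disable", or TLS with "server-identity-check disable"). The configuration text, the entry names and the function names are constructed for this example; the audit rules are this example's own reading of the table, not product behaviour.

```python
# Added example (not Fortinet's code): parse and audit "config user ldap" entries.
# Defaults are taken from the parameter table; audit rules are this example's own.

# Constructed sample configuration: a cleartext entry (like the page's sample
# syntax, including the empty "set source-ip") and a hardened LDAPS entry.
SAMPLE_CONFIG = """\
config user ldap
  edit ldap_svr
    set server 192.168.120.10
    set source-ip
    set cn-id cn
    set dn ou=users,dc=example,dc=com
    set type simple
    set secure disable
    set port 389
  next
  edit ldap_secure
    set server ldap.example.com
    set cn-id uid
    set dn ou=people,dc=example,dc=com
    set type regular
    set secure ldaps
    set ca-cert "Example_Root_CA"
    set port 636
    set server-identity-check enable
  next
end
"""

# Documented defaults, applied when a key is not set in the entry.
DEFAULTS = {
    "server": None,
    "source-ip": "0.0.0.0",
    "cn-id": "cn",
    "dn": None,
    "type": "simple",
    "secure": "disable",
    "ca-cert": None,
    "port": 389,
    "server-identity-check": "enable",
}


def parse_user_ldap(text):
    """Return {entry_name: settings} for each 'edit ... next' block under
    'config user ldap'. A 'set' line with no value leaves the default in place."""
    entries, current, in_block = {}, None, False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "config user ldap":
            in_block = True
        elif in_block and line == "end":
            in_block = False
        elif in_block and line.startswith("edit "):
            current = line[5:].strip().strip('"')
            entries[current] = dict(DEFAULTS)
        elif in_block and line == "next":
            current = None
        elif in_block and current and line.startswith("set "):
            key, _, value = line[4:].partition(" ")
            value = value.strip().strip('"')
            if value == "":
                continue  # empty value: keep the documented default
            entries[current][key] = int(value) if key == "port" else value
    return entries


def bind_dn_for(settings, username):
    """type 'simple': the bind DN is built as '<cn-id>=<user>,<dn>' with no search.
    type 'regular': the user's DN is found by a search after a service bind, so
    nothing can be constructed up front and None is returned."""
    if settings["type"] == "simple":
        return f"{settings['cn-id']}={username},{settings['dn']}"
    return None


def audit_entry(name, s):
    """Return a list of findings about weak transport settings for one entry."""
    findings = []
    if s["secure"] == "disable":
        findings.append(f"{name}: secure=disable, bind credentials are sent in cleartext")
    if s["secure"] in ("ldaps", "starttls") and s["server-identity-check"] != "enable":
        findings.append(f"{name}: TLS enabled but server-identity-check disabled, "
                        "the server certificate's name is not verified")
    if s["secure"] == "ldaps" and s["port"] != 636:
        findings.append(f"{name}: secure=ldaps on port {s['port']}, LDAPS default is 636")
    return findings


def audit_config(text):
    """Return {entry_name: [findings]} for every entry in the config text."""
    return {name: audit_entry(name, s) for name, s in parse_user_ldap(text).items()}


if __name__ == "__main__":
    for name, findings in audit_config(SAMPLE_CONFIG).items():
        print(name, "OK" if not findings else "")
        for f in findings:
            print("  -", f)
```

Run it against a saved "show user ldap" dump to list entries whose binds go out unencrypted or whose TLS peer is not name-checked; the empty "set source-ip" in the first entry is kept at its 0.0.0.0 default, as the table states.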