Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • Administration Guide

    Home FortiDeceptor 2.0.0 Administration Guide
    2.0.0
    6.0.1
    6.0.0
    5.3.2
    5.3.1
    5.3.0
    5.2.0
    5.1.0
    5.0.0
    4.3.0
    4.2.0
    4.1.1
    4.1.0
    4.0.2
    4.0.1
    4.0.0
    3.3.3
    3.3.2
    3.3.1
    3.3.0
    3.2.2
    3.2.1
    3.2.0
    3.1.1
    3.1.0
    3.0.2
    3.0.1
    3.0.0
    2.1.0
    2.0.0
    1.1.0
    1.0.1

    LDAP Servers

    LDAP Servers

    The FortiDeceptor system supports remote authentication of administrators using LDAP servers. To use this feature, you must configure the appropriate server entries in the FortiDeceptor unit for each authentication server in your network.

    If you have configured LDAP support and require a user to authenticate using an LDAP server, the FortiDeceptor unit contacts the LDAP server for authentication. To authenticate with the FortiDeceptor unit, the user enters a user name and password. The FortiDeceptor unit sends this user name and password to the LDAP server. If the LDAP server can authenticate the user, the FortiDeceptor unit successfully authenticates the user. If the LDAP server cannot authenticate the user, the FortiDeceptor unit refuses the connection.

    The following options are available:

    Create New

    Select to add an LDAP server.

    Edit

    Select an LDAP server in the list and select Edit in the toolbar to edit the entry.

    Delete

    Select an LDAP server in the list and select Delete in the toolbar to delete the entry.

    The following information is displayed:

    Name

    The LDAP server name.

    Address

    The LDAP server address.

    Common Name

    The LDAP common name.

    Distinguished Name

    The LDAP distinguished name.

    Bind Type

    The LDAP bind type.

    Connection Type

    The LDAP connection type.

    Number of LDAP servers

    The number of LDAP server configured on the device.
    To create a new LDAP server:
    1. Go to System > LDAP Servers.
    2. Select + Create New from the toolbar.
    3. Configure the following settings:

      Name

      Enter a name to identify the LDAP server. The name should be unique to FortiDeceptor.

      Server Name/IP

      Enter the IP address or fully qualified domain name of the LDAP server.

      Port

      Enter the port for LDAP traffic. The default port is 389.

      Common Name

      The common name identifier for the LDAP server. Most LDAP servers use cn. However, some servers use other common name identifiers such as uid.

      Distinguished Name

      The distinguished name used to look up entries on the LDAP servers. The distinguished name reflects the hierarchy of LDAP database object classes above the common name identifier.

      Bind Type

      Select the type of binding for LDAP authentication. The following options are available:

      • Simple
      • Anonymous
      • Regular

      Username

      When the Bind Type is set to Regular, type the user name.

      Password

      When the Bind Type is set to Regular, type the password.

      Enable Secure Connection

      Select to use a secure LDAP server connection for authentication.

      Protocol

      When Enable Secure Connection is selected, select either LDAPS or STARTTLS.

      CA Certificate

      When Enable Secure Connection is selected, select the CA certificate from the drop-down list.
    4. Select OK to add the LDAP server.
    Previous
    Next

    LDAP Servers

    LDAP Servers

    The FortiDeceptor system supports remote authentication of administrators using LDAP servers. To use this feature, you must configure the appropriate server entries in the FortiDeceptor unit for each authentication server in your network.

    If you have configured LDAP support and require a user to authenticate using an LDAP server, the FortiDeceptor unit contacts the LDAP server for authentication. To authenticate with the FortiDeceptor unit, the user enters a user name and password. The FortiDeceptor unit sends this user name and password to the LDAP server. If the LDAP server can authenticate the user, the FortiDeceptor unit successfully authenticates the user. If the LDAP server cannot authenticate the user, the FortiDeceptor unit refuses the connection.

    The following options are available:

    Create New

    Select to add an LDAP server.

    Edit

    Select an LDAP server in the list and select Edit in the toolbar to edit the entry.

    Delete

    Select an LDAP server in the list and select Delete in the toolbar to delete the entry.

    The following information is displayed:

    Name

    The LDAP server name.

    Address

    The LDAP server address.

    Common Name

    The LDAP common name.

    Distinguished Name

    The LDAP distinguished name.

    Bind Type

    The LDAP bind type.

    Connection Type

    The LDAP connection type.

    Number of LDAP servers

    The number of LDAP server configured on the device.
    To create a new LDAP server:
    1. Go to System > LDAP Servers.
    2. Select + Create New from the toolbar.
    3. Configure the following settings:

      Name

      Enter a name to identify the LDAP server. The name should be unique to FortiDeceptor.

      Server Name/IP

      Enter the IP address or fully qualified domain name of the LDAP server.

      Port

      Enter the port for LDAP traffic. The default port is 389.

      Common Name

      The common name identifier for the LDAP server. Most LDAP servers use cn. However, some servers use other common name identifiers such as uid.

      Distinguished Name

      The distinguished name used to look up entries on the LDAP servers. The distinguished name reflects the hierarchy of LDAP database object classes above the common name identifier.

      Bind Type

      Select the type of binding for LDAP authentication. The following options are available:

      • Simple
      • Anonymous
      • Regular

      Username

      When the Bind Type is set to Regular, type the user name.

      Password

      When the Bind Type is set to Regular, type the password.

      Enable Secure Connection

      Select to use a secure LDAP server connection for authentication.

      Protocol

      When Enable Secure Connection is selected, select either LDAPS or STARTTLS.

      CA Certificate

      When Enable Secure Connection is selected, select the CA certificate from the drop-down list.
    4. Select OK to add the LDAP server.
    Previous
    Next