
Administration Guide

LDAP Servers

FortiDeceptor supports remote authentication of administrators using LDAP servers. To use this feature, configure the server entries in FortiDeceptor for each authentication server in your network.

If you have configured LDAP support and require users to authenticate using an LDAP server, FortiDeceptor contacts the LDAP server for authentication. To authenticate with FortiDeceptor, the user enters a user name and password. FortiDeceptor sends this user name and password to the LDAP server. If the LDAP server can authenticate the user, FortiDeceptor authenticates the user. If the LDAP server cannot authenticate the user, FortiDeceptor refuses the connection.

Note

To meet its security enhancement requirements, FortiDeceptor requires peer servers to use strong cipher algorithms for their certificates.

The following options are available:

Create New

Add an LDAP server.

Edit

Edit the selected LDAP server.

Delete

Delete the selected LDAP server.

The following information is displayed:

Name

LDAP server name.

Address

LDAP server address.

Common Name

LDAP common name.

Distinguished Name

LDAP distinguished name.

Bind Type

LDAP bind type.

Connection Type

LDAP connection type.

To create a new LDAP server:
  1. Go to System > LDAP Servers.
  2. Click Create New.
  3. Configure the following settings:

    Name

    A unique name to identify the LDAP server.

    Server Name/IP

    IP address or FQDN of the LDAP server.

    Port

    The port for LDAP traffic.

    The default port is 389.

    Common Name

    Common name identifier of the LDAP server.

    Most LDAP servers use cn. Some servers use other common name identifiers such as uid.

    Distinguished Name

    Distinguished name used to look up entries on LDAP servers. The distinguished name reflects the hierarchy of LDAP database object classes above the common name identifier.

    Bind Type

    The type of binding for LDAP authentication:

    • Simple
    • Anonymous
    • Regular

    Username

    When the Bind Type is set to Regular, enter the user name.

    Password

    When the Bind Type is set to Regular, enter the password.

    Enable Secure Connection

    Use a secure LDAP server connection for authentication.

    Protocol

    When Enable Secure Connection is selected, select LDAPS or STARTTLS.

    CA Certificate

    When Enable Secure Connection is selected, select a CA Certificate.

  4. Click OK.
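The settings above map onto a short authentication flow: reach the server (LDAPS or STARTTLS, verified against the CA Certificate), find the user's entry under the Distinguished Name using the Common Name identifier (cn or uid), then bind as that user with the supplied password. The following Python script is an added example, not FortiDeceptor's own code: it models one LDAP Servers entry as a dataclass, checks the entry the way a reviewer would (Regular bind needs a username and password, a secure connection needs a protocol and a CA certificate), escapes the typed user name before it goes into a search filter or a DN, and runs the live check with the third-party ldap3 library. The bind-type semantics (Simple binds directly as <cn>=<user>,<DN>; Anonymous and Regular look the user up first, anonymously or with the service account, then bind as the user), the ldap3 dependency, the sample base DN and every function and field name are this example's assumptions.

```python
"""Added example (not FortiDeceptor code): the admin-login flow behind an LDAP
Servers entry, plus the configuration checks a reviewer would want.
Assumed: bind-type semantics, the `ldap3` dependency, and all names below."""
from __future__ import annotations

import ssl
from dataclasses import dataclass
from typing import List, Optional

try:
    import ldap3  # third-party; only the live authenticate() needs it
except ImportError:  # keep the module importable so the offline helpers still work
    ldap3 = None

DEFAULT_PORTS = {"plain": 389, "starttls": 389, "ldaps": 636}


@dataclass
class LdapServer:
    """One LDAP Servers entry; fields follow the GUI settings on the page."""
    name: str
    host: str                                     # Server Name/IP
    port: Optional[int] = None                    # None -> 389, or 636 for LDAPS
    common_name: str = "cn"                       # Common Name identifier: cn, sometimes uid
    base_dn: str = "ou=people,dc=example,dc=com"  # Distinguished Name (constructed sample)
    bind_type: str = "anonymous"                  # simple | anonymous | regular
    username: Optional[str] = None                # service account DN, Regular bind only
    password: Optional[str] = None
    secure: bool = False                          # Enable Secure Connection
    protocol: str = "plain"                       # ldaps | starttls when secure
    ca_cert: Optional[str] = None                 # CA Certificate file that verifies the server


def effective_port(cfg: LdapServer) -> int:
    return cfg.port if cfg.port else DEFAULT_PORTS[cfg.protocol]


def escape_filter_value(value: str) -> str:
    """RFC 4515 escaping so a typed user name cannot change the search filter."""
    return "".join("\\%02x" % ord(ch) if ch in "\\*()\0" else ch for ch in value)


def escape_dn_value(value: str) -> str:
    """RFC 4514 escaping for a value placed inside a DN (Simple bind builds one)."""
    escaped = "".join("\\" + ch if ch in ',+"\\<>;' else ch for ch in value)
    if escaped[:1] in ("#", " "):
        escaped = "\\" + escaped
    if escaped.endswith(" ") and not escaped.endswith("\\ "):
        escaped = escaped[:-1] + "\\ "
    return escaped


def user_filter(cfg: LdapServer, user: str) -> str:
    return f"({cfg.common_name}={escape_filter_value(user)})"


def user_dn(cfg: LdapServer, user: str) -> str:
    return f"{cfg.common_name}={escape_dn_value(user)},{cfg.base_dn}"


def validate(cfg: LdapServer) -> List[str]:
    """Problems a reviewer would flag; an empty list means the entry is acceptable.
    Stricter than the GUI: a clear-text bind is reported as a problem, not an option."""
    problems = []
    if cfg.bind_type not in ("simple", "anonymous", "regular"):
        problems.append(f"unknown Bind Type {cfg.bind_type!r}")
    if cfg.bind_type == "regular" and not (cfg.username and cfg.password):
        problems.append("Regular bind needs Username and Password")
    if cfg.secure:
        if cfg.protocol not in ("ldaps", "starttls"):
            problems.append("Enable Secure Connection needs Protocol LDAPS or STARTTLS")
        if not cfg.ca_cert:
            problems.append("Enable Secure Connection needs a CA Certificate to verify the server")
    else:
        problems.append("passwords would cross the network in clear text; enable Secure Connection")
    return problems


def authenticate(cfg: LdapServer, user: str, password: str) -> bool:
    """Live check: True only when a bind *as the user* succeeds. Needs ldap3 and a
    reachable server, so it is not exercised offline."""
    if ldap3 is None:
        raise RuntimeError("install ldap3 to run the live part of this example")
    problems = validate(cfg)
    if problems:
        raise ValueError("; ".join(problems))
    if not password:
        return False  # empty password = unauthenticated bind (RFC 4513), which servers may accept
    tls = ldap3.Tls(validate=ssl.CERT_REQUIRED, ca_certs_file=cfg.ca_cert)
    server = ldap3.Server(cfg.host, port=effective_port(cfg),
                          use_ssl=(cfg.protocol == "ldaps"), tls=tls)

    def connect(bind_dn, bind_pw):
        conn = ldap3.Connection(server, user=bind_dn, password=bind_pw)  # None/None = anonymous
        conn.open()
        if cfg.protocol == "starttls":
            conn.start_tls()  # upgrade the port-389 session before any credential is sent
        return conn

    if cfg.bind_type == "simple":
        dn = user_dn(cfg, user)
    else:  # anonymous or regular: resolve the user's DN first
        lookup = connect(cfg.username, cfg.password)
        if not lookup.bind():
            return False
        lookup.search(cfg.base_dn, user_filter(cfg, user))
        hits = [r["dn"] for r in lookup.response if r.get("type") == "searchResEntry"]
        lookup.unbind()
        if len(hits) != 1:
            return False  # unknown user, or an ambiguous match
        dn = hits[0]
    conn = connect(dn, password)
    ok = conn.bind()
    conn.unbind()
    return bool(ok)
```

The offline helpers are the part worth keeping: `validate()` refuses an entry that would send administrator passwords in clear text or skip server verification, and the two escaping functions make sure a user name such as `ad*min)` cannot widen the lookup filter or the constructed DN. The empty-password check in `authenticate()` matters because an LDAP simple bind with a DN and no password is an unauthenticated bind, which some servers report as success.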
