LDAP Servers
FortiDeceptor supports remote authentication of administrators using LDAP servers. To use this feature, configure the server entries in FortiDeceptor for each authentication server in your network.
If you have configured LDAP support and require users to authenticate using an LDAP server, FortiDeceptor contacts the LDAP server for authentication. To authenticate with FortiDeceptor, the user enters a user name and password. FortiDeceptor sends this user name and password to the LDAP server. If the LDAP server can authenticate the user, FortiDeceptor authenticates the user. If the LDAP server cannot authenticate the user, FortiDeceptor refuses the connection.
As a security enhancement, FortiDeceptor requires peer servers to use strong cipher algorithms for certificates.
The following options are available:
| Option | Description |
| --- | --- |
| Create New | Add an LDAP server. |
| Edit | Edit the selected LDAP server. |
| Delete | Delete the selected LDAP server. |
The following information is displayed:
| Column | Description |
| --- | --- |
| Name | LDAP server name. |
| Address | LDAP server address. |
| Common Name | LDAP common name. |
| Distinguished Name | LDAP distinguished name. |
| Bind Type | LDAP bind type. |
| Connection Type | LDAP connection type. |
To create a new LDAP server:
- Go to System > LDAP Servers.
- Click Create New.
- Configure the following settings:
| Setting | Description |
| --- | --- |
| Name | A unique name to identify the LDAP server. |
| Server Name/IP | |
| Port | The port for LDAP traffic. The default port is 389. |
| Common Name | Common name identifier of the LDAP server. Most LDAP servers use cn. Some servers use other common name identifiers such as uid. |
| Distinguished Name | Distinguished name used to look up entries on LDAP servers. The distinguished name reflects the hierarchy of LDAP database object classes above the common name identifier. |
| Bind Type | The type of binding for LDAP authentication: Simple, Anonymous, or Regular. |
| Username | When the Bind Type is set to Regular, enter the user name. |
| Password | When the Bind Type is set to Regular, enter the password. |
| Enable Secure Connection | Use a secure LDAP server connection for authentication. |
| Protocol | When Enable Secure Connection is selected, select LDAPS or STARTTLS. |
| CA Certificate | When Enable Secure Connection is selected, select a CA Certificate. |
- Click OK.
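
A pre-save review of the settings in this procedure, as an added example that is not FortiDeceptor code: it flags an entry that would send administrator passwords to the LDAP server without TLS, a Regular bind with missing credentials, a secure connection without a CA certificate, and a malformed distinguished name. The `LdapEntry` class, the finding names and the sample values are hypothetical; the check that LDAPS should not sit on port 389 rests on the standard convention that LDAPS uses a separate port (commonly 636), which this page does not state.

```python
import re
from dataclasses import dataclass

ATTR = re.compile(r"^[A-Za-z][A-Za-z0-9-]*$")  # attribute name such as cn, uid

@dataclass
class LdapEntry:  # hypothetical container; fields mirror the settings above
    name: str
    server: str
    distinguished_name: str
    port: int = 389
    common_name: str = "cn"
    bind_type: str = "Simple"
    username: str = ""
    password: str = ""
    secure: bool = False
    protocol: str = ""
    ca_certificate: str = ""

def dn_ok(dn: str) -> bool:
    """Every comma-separated component must look like attr=value."""
    parts = re.split(r"(?<!\\),", dn)  # do not split on escaped commas
    return all("=" in p and ATTR.match(p.split("=", 1)[0].strip())
               and p.split("=", 1)[1].strip() for p in parts)

def audit(e: LdapEntry) -> list:
    findings = []
    if not ATTR.match(e.common_name):
        findings.append("common-name-identifier-invalid")
    if not dn_ok(e.distinguished_name):
        findings.append("distinguished-name-malformed")
    if e.bind_type not in ("Simple", "Anonymous", "Regular"):
        findings.append("bind-type-unknown")
    if e.bind_type == "Regular" and not (e.username and e.password):
        findings.append("regular-bind-missing-credentials")
    if not e.secure:
        findings.append("cleartext-bind")  # passwords reach the server unencrypted
    else:
        if e.protocol not in ("LDAPS", "STARTTLS"):
            findings.append("protocol-not-selected")
        if not e.ca_certificate:
            findings.append("ca-certificate-missing")
        if e.protocol == "LDAPS" and e.port == 389:
            findings.append("ldaps-on-plain-ldap-port")
    return findings

# Constructed sample entries (not real hosts or accounts).
WEAK = LdapEntry("corp-ldap", "ldap.example.test", "ou=admins,dc=example,dc=test",
                 bind_type="Regular", username="svc-fdc")
HARDENED = LdapEntry("corp-ldap", "ldap.example.test", "ou=admins,dc=example,dc=test",
                     port=636, bind_type="Regular", username="svc-fdc",
                     password="constructed-secret", secure=True,
                     protocol="LDAPS", ca_certificate="corp-root-ca")
```

An empty list from `audit()` means none of these checks fired; it does not confirm that the server's certificate meets the strong cipher requirement, which has to be verified on the LDAP server itself.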