Using command-line flags

The LDAP Sync Tool supports the following command-line flags that allow you to set configuration values, view user synchronization details, and more.

Command-line flags
Flag Description
--apitoken String. Sets the FortiDLP API access token.
--apiurl String. Sets the URL of your organization's FortiDLP Console.
--config

String. Sets the path to the configuration file. This is not required if you saved the configuration file in the same directory as the LDAP Sync Tool binary file and named it config.yaml.

Example

For example, on Windows, you could run .\ldap-sync --config C:\Users\Sam\Documents\ldapconfig.yaml to specify that your configuration file is in your Documents folder.

--archivedeleted

The rule to automatically archive directory-deleted users when the directory is synced to FortiDLP.

Note

Before you enable this rule for the first time — either by using this flag or via the configuration file — you need to initialize the directory by performing a full sync to FortiDLP. See Creating the configuration file for details.

When this flag is used, deleted users will not be archived in Reveal if diffsync is included in the configuration file.

--printconfig Shows the configuration file in the CLI so it can be reviewed prior to syncing.
--dryrun Downloads users from your specified LDAP directory and shows their names in the CLI, but does not upload them to the FortiDLP Infrastructure.
--photosync Enables photo syncing for users' profile pictures in the FortiDLP Console.
--logs

String. Sets the file path to write logs to. These logs will contain the same output as displayed in the CLI.

Example

For example, on Windows, running .\ldap-sync --logs C:\Users\Sam\Documents\ldap-sync-log.txt would generate a log file called ldap-sync-log.txt in your Documents folder.

--maxretries Integer. Sets the maximum number of retries that can occur after a failure connecting to the FortiDLP Infrastructure or LDAP server, or syncing users.
--skiptls Skips certificate verification of the FortiDLP API.
--version Shows the LDAP Sync Tool software version.
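
The flags above can be chained into a staged run: review the configuration and do a dry run first, then upload only after confirmation, with certificate verification left on. This PowerShell wrapper is an added example, not part of the Fortinet documentation. It assumes the flags can be combined in one invocation, that --maxretries takes its value after a space like --config and --logs, and that the tool returns a non-zero exit code on failure; the paths and the retry count are constructed samples.

```powershell
# Added example: staged run of the LDAP Sync Tool (review -> dry run -> sync).
# Assumptions: flags combine in one call; non-zero exit code means failure.
param(
    [string]   $Tool       = '.\ldap-sync',                             # binary as invoked on the page
    [string]   $ConfigPath = 'C:\Users\Sam\Documents\ldapconfig.yaml',  # sample path
    [string]   $LogDir     = 'C:\Users\Sam\Documents',                  # sample path
    [int]      $MaxRetries = 3,                                         # sample value
    [string[]] $ExtraFlags = @()                                        # e.g. --photosync
)

# Keep certificate verification of the FortiDLP API on: reject --skiptls.
if ($ExtraFlags -contains '--skiptls') {
    throw 'Refusing to run with --skiptls; fix certificate trust on this host instead.'
}

# --archivedeleted needs a prior full sync (see the note on that flag); warn only.
if ($ExtraFlags -contains '--archivedeleted') {
    Write-Warning '--archivedeleted requires that a full sync has already initialized the directory.'
}

if (-not (Test-Path -LiteralPath $ConfigPath)) {
    throw "Configuration file not found: $ConfigPath"
}

$stamp = Get-Date -Format 'yyyyMMdd-HHmmss'

# Stage 1: print the configuration and list the users, without uploading.
# The log repeats the CLI output, so it contains user names: keep $LogDir restricted.
$dryLog = Join-Path $LogDir "ldap-sync-dryrun-$stamp.txt"
& $Tool --config $ConfigPath --printconfig --dryrun --logs $dryLog @ExtraFlags
if ($LASTEXITCODE -ne 0) {
    throw "Dry run failed (exit code $LASTEXITCODE). See $dryLog"
}

# Stage 2: explicit operator confirmation before anything is uploaded.
$answer = Read-Host "Dry run finished. Review $dryLog, then type SYNC to upload"
if ($answer -cne 'SYNC') {
    Write-Host 'Aborted. Nothing was uploaded.'
    return
}

# Stage 3: the real sync, logged to its own file with a bounded retry count.
$syncLog = Join-Path $LogDir "ldap-sync-$stamp.txt"
& $Tool --config $ConfigPath --logs $syncLog --maxretries $MaxRetries @ExtraFlags
if ($LASTEXITCODE -ne 0) {
    throw "Sync failed (exit code $LASTEXITCODE). See $syncLog"
}
Write-Host "Sync complete. Log written to $syncLog"
```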
