Configuring an LDAP server

FortiOS can be configured to use an LDAP server for authentication.

To configure an LDAP server on the FortiGate:
  1. Go to User & Authentication > LDAP Servers.
  2. Click Create New.
  3. Configure the following:


    This connection name is for reference within the FortiGate only.

    Server IP/Name

    LDAP server IP address or FQDN resolvable by the FortiGate.

    Server Port

    By default, LDAP uses port 389 and LDAPS uses 636. Use this field to specify a custom port if necessary.

    Common Name Identifier

    Attribute field of the object in LDAP that the FortiGate uses to identify the connecting user. The identifier is case sensitive. Common attributes are:

    • cn (Common Name)
    • sAMAccountName (SAMAccountName)
    • uid (User ID)

    Distinguished Name

    Used to look up user account entries on the LDAP server. It reflects the hierarchy of LDAP database object classes above the CN identifier and defines where in the directory the lookup is done.

    Enter dc=COMPANY,dc=com to specify the root of the domain to include all objects.
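
The following added example (not Fortinet code and not part of the original page) models how the Distinguished Name and Common Name Identifier settings together scope a user lookup, and how a user-supplied name is escaped per RFC 4515 before it is placed in a search filter. The directory entries, the function names, and the subtree-search model are assumptions made for illustration.

```python
import re

# Constructed sample entries (not from the page): each has a DN and its attributes.
DIRECTORY = [
    {"dn": "cn=Doe\\, Jane,ou=Sales,dc=COMPANY,dc=com",
     "attrs": {"sAMAccountName": "jdoe", "uid": "jane"}},
    {"dn": "cn=Bob Roe,ou=IT,dc=COMPANY,dc=com",
     "attrs": {"sAMAccountName": "broe", "uid": "bob"}},
    {"dn": "cn=Svc,ou=Sales,dc=OTHER,dc=com",
     "attrs": {"sAMAccountName": "jdoe", "uid": "svc"}},
]

def split_rdns(dn):
    """Split a DN on unescaped commas and normalize each RDN for comparison."""
    rdns, cur, escaped = [], "", False
    for ch in dn:
        if escaped or ch != ",":
            cur += ch
            escaped = (ch == "\\") and not escaped
        else:
            rdns.append(cur)
            cur = ""
    rdns.append(cur)
    return [tuple(p.strip().lower() for p in r.split("=", 1)) for r in rdns]

def in_scope(entry_dn, base_dn):
    """True if entry_dn sits at or below base_dn (subtree scope)."""
    entry, base = split_rdns(entry_dn), split_rdns(base_dn)
    return len(entry) >= len(base) and entry[len(entry) - len(base):] == base

def build_filter(cnid, username):
    """Build (cnid=username), escaping the user-supplied value per RFC 4515."""
    if not re.fullmatch(r"[A-Za-z][A-Za-z0-9-]*", cnid):
        raise ValueError("identifier is not a valid attribute name")
    special = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}
    return "(%s=%s)" % (cnid, "".join(special.get(c, c) for c in username))

def lookup(base_dn, cnid, username, directory=DIRECTORY):
    """Return the DNs under base_dn whose cnid attribute equals username."""
    # Exact-case key lookup mirrors the page's note that the identifier is case
    # sensitive; exact value comparison is a simplification of this model.
    return [e["dn"] for e in directory
            if in_scope(e["dn"], base_dn) and e["attrs"].get(cnid) == username]
```

With the domain root as the Distinguished Name, the lookup for jdoe finds the Sales entry; narrowing the Distinguished Name to ou=IT, or misspelling the identifier's case, returns nothing.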