Add LDAP user authentication

This configuration adds LDAP user authentication to the FortiClient dialup VPN configuration (FortiClient as dialup client). You must have already generated and exported a CA certificate from your AD server.

To configure LDAP user authentication using the GUI:
  1. Import the CA certificate into FortiGate:
    1. Go to System > Certificates.

      If the Certificates option is not visible, enable it in Feature Visibility. See Feature visibility for details.

    2. Click Import > CA Certificate.
    3. Set Type to File.
    4. Click Upload, then find and select the certificate file.
    5. Click OK.

      The CA certificate now appears in the list of External CA Certificates. In this example, it is called CA_Cert_1.

    6. Optionally, rename the system-generated CA_Cert_1 to something more descriptive from the CLI:
      config vpn certificate ca
          rename CA_Cert_1 to LDAPS-CA
      end
  2. Configure the LDAP user:
    1. Go to User & Authentication > LDAP Servers and click Create New.
    2. Set Name to ldaps-server and specify Server IP/Name.
    3. Specify Common Name Identifier and Distinguished Name.
    4. Set Bind Type to Regular.
    5. Specify Username and Password.
    6. Enable Secure Connection and set Protocol to LDAPS.
    7. For Certificate, select the LDAP server CA certificate, LDAPS-CA, from the list.
    8. Click OK.
  3. Add the LDAP user to the user group:
    1. Go to User & Authentication > User Groups and edit the vpngroup group.
    2. In Remote Groups, click Add to add the ldaps-server remote server.
    3. Click OK.
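
To check the result of steps 2.6 and 2.7 across a whole device, the following added example (not part of the original procedure or Fortinet's own code) audits a FortiGate configuration backup for LDAP server entries that do not use a secure connection or have no CA certificate selected. It assumes the CLI keywords `secure` and `ca-cert` under `config user ldap`; the sample configuration, hostnames and the `legacy-ldap` entry are constructed for illustration.

```python
# Constructed sample of a FortiGate config backup (hostnames are made up).
SAMPLE_CONFIG = """
config user ldap
    edit "ldaps-server"
        set server "dc1.example.test"
        set cnid "sAMAccountName"
        set dn "dc=example,dc=test"
        set secure ldaps
        set ca-cert "LDAPS-CA"
    next
    edit "legacy-ldap"
        set server "192.0.2.10"
        set dn "dc=example,dc=test"
    next
end
"""

def parse_ldap_servers(config_text):
    """Return {server name: {setting: value}} from the 'config user ldap' block."""
    servers, current, in_block = {}, None, False
    for raw in config_text.splitlines():
        line = raw.strip()
        if line == "config user ldap":
            in_block = True
        elif not in_block:
            continue
        elif line == "end":
            in_block = False
        elif line.startswith("edit "):
            current = line[5:].strip().strip('"')
            servers[current] = {}
        elif line == "next":
            current = None
        elif current is not None and line.startswith("set "):
            _, key, *value = line.split(None, 2)
            servers[current][key] = value[0].strip('"') if value else ""
    return servers

def audit_ldap_servers(config_text):
    """Return (server, issue) pairs for entries that skip TLS or the CA certificate."""
    findings = []
    for name, cfg in parse_ldap_servers(config_text).items():
        secure = cfg.get("secure", "disable")  # assumption: unset means disabled
        if secure not in ("ldaps", "starttls"):
            findings.append((name, f"secure={secure}: bind is not protected by TLS"))
        elif not cfg.get("ca-cert"):
            findings.append((name, f"secure={secure} but no ca-cert selected"))
    return findings
```

Calling `audit_ldap_servers()` on the text of a configuration backup returns an empty list when every LDAP server entry uses LDAPS or STARTTLS with a CA certificate selected.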
To configu