Fortinet black logo

CLI Reference

system encryption ibe-auth

system encryption ibe-auth

When mail recipients of the IBE domains access the FortiMail unit after receiving a secure mail notification:

  • recipients of the IBE domains without LDAP authentication profiles need to register to view the email.
  • recipients of the IBE domains with LDAP authentication profiles just need to authenticate because the FortiMail unit can query the LDAP servers for authentication information based on the LDAP profile.

In both cases, the FortiMail unit will record the domain names of the recipients who register or authenticate on it under the User > IBE User > IBE Domain tab.

Use this command to bind domains with LDAP authentication profiles with which the FortiMail unit can query the LDAP servers for authentication, email address mappings, and more. For more information about LDAP profiles, see “profile ldap”.

Syntax

config system encryption ibe-auth

edit <id>

set domain-pattern <string>

set ldap-profile <profile_name>

set status {enable | disable}

end

Variable

Description

Default

<id>

Enter a table ID.

domain-pattern <string>

Enter a domain name that you want to bind to an LDAP authentication profile.

If you want all IBE users to authenticate through an LDAP profile and do not want other non-LDAP-authenticated users to get registered on FortiMail, you can use wildcard * for the domain name and then bind it to an LDAP profile.

ldap-profile <profile_name>

Enter a profile name from the available LDAP profile list, which you want to use to authenticate the domain users.

status {enable | disable}

Enable or disable the rule.

disable

Related topics

system encryption ibe

system encryption ibe-auth

When mail recipients of the IBE domains access the FortiMail unit after receiving a secure mail notification:

  • recipients of the IBE domains without LDAP authentication profiles need to register to view the email.
  • recipients of the IBE domains with LDAP authentication profiles just need to authenticate because the FortiMail unit can query the LDAP servers for authentication information based on the LDAP profile.

In both cases, the FortiMail unit will record the domain names of the recipients who register or authenticate on it under the User > IBE User > IBE Domain tab.

Use this command to bind domains with LDAP authentication profiles with which the FortiMail unit can query the LDAP servers for authentication, email address mappings, and more. For more information about LDAP profiles, see “profile ldap”.

Syntax

config system encryption ibe-auth

edit <id>

set domain-pattern <string>

set ldap-profile <profile_name>

set status {enable | disable}

end

Variable

Description

Default

<id>

Enter a table ID.

domain-pattern <string>

Enter a domain name that you want to bind to an LDAP authentication profile.

If you want all IBE users to authenticate through an LDAP profile and do not want other non-LDAP-authenticated users to get registered on FortiMail, you can use wildcard * for the domain name and then bind it to an LDAP profile.

ldap-profile <profile_name>

Enter a profile name from the available LDAP profile list, which you want to use to authenticate the domain users.

status {enable | disable}

Enable or disable the rule.

disable

Related topics

system encryption ibe