Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • Administration Guide

    Home FortiManager 6.2.5 Administration Guide
    6.2.5
    7.6.1
    7.6.0
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.8
    7.2.7
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.0.13
    7.0.12
    7.0.11
    7.0.10
    7.0.9
    7.0.8
    7.0.7
    7.0.6
    7.0.5
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.4.15
    6.4.14
    6.4.13
    6.4.12
    6.4.11
    6.4.10
    6.4.9
    6.4.8
    6.4.7
    6.4.6
    6.4.5
    6.4.4
    6.4.3
    6.4.2
    6.4.1
    6.4.0
    6.2.13
    6.2.12
    6.2.11
    6.2.10
    6.2.9
    6.2.8
    6.2.7
    6.2.6
    6.2.6
    6.2.5
    6.2.3
    6.2.2
    6.2.1
    6.2.0
    6.0.12
    6.0.11
    6.0.10
    6.0.9
    6.0.8
    6.0.7
    6.0.6
    6.0.5
    6.0.4
    6.0.3
    6.0.2
    6.0.1
    6.0.0
    5.6.11
    5.6.10
    5.6.9
    5.6.8
    5.6.7
    5.6.6
    5.6.5
    5.6.4
    5.6.3
    5.6.2
    5.6.1
    5.6.0
    5.4.7
    5.4.6
    5.4.5
    5.4.4
    5.4.3
    5.4.2
    5.4.1
    5.4.0
    5.2.10
    5.2.7
    5.2.6
    5.2.4
    5.2.3
    5.2.2
    5.2.1
    5.2.0
    5.0.12
    5.0.11
    5.0.10
    5.0.9
    5.0.8
    5.0.7
    5.0.6
    5.0.5
    5.0.4
    5.0.3
    5.0.2
    4.3.8
    4.3.7
    4.3.6
    4.3.5
    4.3.4
    4.3.3
    4.3.2
    4.3.1
    4.3.0
    4.2.9
    4.2.8
    4.2.7
    4.2.6
    4.2.5
    4.2.4
    4.2.3
    4.2.2
    4.2.1
    4.2.0
    4.1.0
    4.0.3
    4.0.2
    4.0.1
    4.0.0

    LDAP servers

    LDAP servers

    Lightweight Directory Access Protocol (LDAP) is an Internet protocol used to maintain authentication data that may include departments, people, groups of people, passwords, email addresses, and printers. LDAP consists of a data-representation scheme, a set of defined operations, and a request/response network.

    If you have configured LDAP support and an administrator is required to authenticate using an LDAP server, the FortiManager unit sends the administrator’s credentials to the LDAP server for authentication. If the LDAP server can authenticate the administrator, they are successfully authenticated with the FortiManager unit. If the LDAP server cannot authenticate the administrator, the FortiManager unit refuses the connection.

    To use an LDAP server to authenticate administrators, you must configure the server before configuring the administrator accounts that will use it.

    To add an LDAP server:
    1. Go to System Settings > Admin > Remote Authentication Server.
    2. Select Create New > LDAP Server from the toolbar. The New LDAP Server pane opens.

    3. Configure the following settings, and then click OK to add the LDAP server.

      Name

      Enter a name to identify the LDAP server.

      Server Name/IP

      Enter the IP address or fully qualified domain name of the LDAP server.

      Port

      Enter the port for LDAP traffic. The default port is 389.

      Common Name Identifier

      The common name identifier for the LDAP server. Most LDAP servers use cn. However, some servers use other common name identifiers such as UID.

      Distinguished Name

      The distinguished name is used to look up entries on the LDAP server.

      The distinguished name reflects the hierarchy of LDAP database object classes above the common name identifier. Clicking the query distinguished name icon will query the LDAP server for the name and open the LDAP Distinguished Name Query window to display the results.

      Bind Type

      Select the type of binding for LDAP authentication: Simple, Anonymous, or Regular.

      User DN

      When the Bind Type is set to Regular, enter the user DN.

      Password

      When the Bind Type is set to Regular, enter the password.

      Secure Connection

      Select to use a secure LDAP server connection for authentication.

      Protocol

      When Secure Connection is enabled, select either LDAPS or STARTTLS.

      Certificate

      When Secure Connection is enabled, select the certificate from the dropdown list.

      Administrative Domain

      Choose the ADOMs that this server will be linked to for reporting: All ADOMs (default), or Specify for specific ADOMs.

      Advanced Options

      adom-attr

      Specify an attribute for the ADOM.

      attributes

      Specify the attributes such as member, uniquemember, or memberuid.

      connect-timeout

      Specify the connection timeout in millisecond.

      filter

      Specify the filter in the format (objectclass=*)

      group

      Specify the name of the LDAP group.

      memberof-attr

      Specify the value for this attribute. This value must match the attribute of the group in LDAP Server. All users part of the LDAP group with the attribute matching the memberof-attr will inherit the administrative permissions specified for this group.

      profile-attr

      Specify the attribute for this profile.

      secondary-server

      Specify a secondary server.

      tertiary-server

      Specify a tertiary server.
    Previous
    Next

    LDAP servers

    LDAP servers

    Lightweight Directory Access Protocol (LDAP) is an Internet protocol used to maintain authentication data that may include departments, people, groups of people, passwords, email addresses, and printers. LDAP consists of a data-representation scheme, a set of defined operations, and a request/response network.

    If you have configured LDAP support and an administrator is required to authenticate using an LDAP server, the FortiManager unit sends the administrator’s credentials to the LDAP server for authentication. If the LDAP server can authenticate the administrator, they are successfully authenticated with the FortiManager unit. If the LDAP server cannot authenticate the administrator, the FortiManager unit refuses the connection.

    To use an LDAP server to authenticate administrators, you must configure the server before configuring the administrator accounts that will use it.

    To add an LDAP server:
    1. Go to System Settings > Admin > Remote Authentication Server.
    2. Select Create New > LDAP Server from the toolbar. The New LDAP Server pane opens.

    3. Configure the following settings, and then click OK to add the LDAP server.

      Name

      Enter a name to identify the LDAP server.

      Server Name/IP

      Enter the IP address or fully qualified domain name of the LDAP server.

      Port

      Enter the port for LDAP traffic. The default port is 389.

      Common Name Identifier

      The common name identifier for the LDAP server. Most LDAP servers use cn. However, some servers use other common name identifiers such as UID.

      Distinguished Name

      The distinguished name is used to look up entries on the LDAP server.

      The distinguished name reflects the hierarchy of LDAP database object classes above the common name identifier. Clicking the query distinguished name icon will query the LDAP server for the name and open the LDAP Distinguished Name Query window to display the results.

      Bind Type

      Select the type of binding for LDAP authentication: Simple, Anonymous, or Regular.

      User DN

      When the Bind Type is set to Regular, enter the user DN.

      Password

      When the Bind Type is set to Regular, enter the password.

      Secure Connection

      Select to use a secure LDAP server connection for authentication.

      Protocol

      When Secure Connection is enabled, select either LDAPS or STARTTLS.

      Certificate

      When Secure Connection is enabled, select the certificate from the dropdown list.

      Administrative Domain

      Choose the ADOMs that this server will be linked to for reporting: All ADOMs (default), or Specify for specific ADOMs.

      Advanced Options

      adom-attr

      Specify an attribute for the ADOM.

      attributes

      Specify the attributes such as member, uniquemember, or memberuid.

      connect-timeout

      Specify the connection timeout in millisecond.

      filter

      Specify the filter in the format (objectclass=*)

      group

      Specify the name of the LDAP group.

      memberof-attr

      Specify the value for this attribute. This value must match the attribute of the group in LDAP Server. All users part of the LDAP group with the attribute matching the memberof-attr will inherit the administrative permissions specified for this group.

      profile-attr

      Specify the attribute for this profile.

      secondary-server

      Specify a secondary server.

      tertiary-server

      Specify a tertiary server.
    Previous
    Next