Add/modify directory - Connection tab

The Connection tab contains the parameters required for communication with the Directory. Not all fields are required. Be sure to enter information only in those fields that apply to your directory.

Field

Description

Name

Name of the server where the directory is hosted.

Primary IP

IP Address of the primary directory server. The server will be added as a pingable device.

Security Protocol

The security protocol used when communicating with the server containing your directory. Options are SSL, STARTTLS, and None.

See Create a keystore for SSL or TLS communications to LDAP for instructions on importing and storing certificates.

If SSL or STARTTLS is chosen, you must have a security certificate from a Certificate Authority. The certificate should be stored in the following directory on your appliance: /bsc/campusMgr/

MAC Address

Physical Address of the primary directory server. This field is required.

LDAP Log in

User log in name FortiNAC uses to access the LDAP server.

LDAP Password

Password for the user log in.

Validate Credentials

Click to verify that directory credentials are correct.

Credential Status

Displays the results of clicking the Validate Credentials button. Messages such as Credentials Verified or Failed to Validate can be displayed.

Additional Configuration

Displays the fields listed below in this table.

Domain Name

If this field contains a domain name, users must include the domain name in their log in to be authenticated against this directory.

Example:

Valid formats for log in are: user, user@domain.com and domain\user.

Setting a value here requires all users to supply a domain name during log in.

When no domain is specified in the Directory Configuration view and the log in includes a domain, authentication first uses the user name and the domain name. If this authentication fails, a second authentication is attempted using only the user name.

Secondary Server

FQDN or IP Address of the secondary directory server. This server is accessed if the Primary server is unavailable. This server is added as a pingable device.

Version

Directory version. Default = 3

Port

Communication port used by the directory. The default port is based on the security protocol. To use a port other than the default, type the desired port number into this field.

Common port values/protocols are:

  • None = 389
  • SSL = 636
  • STARTTLS = 389

Time Limit

Time in seconds that FortiNAC waits for a response from the directory. Default = 5.

The number of seconds may need to be increased in the Directory or in FortiNAC if the “Time Limit Exceeded” exception begins to appear more often.

Enable Synchronization of Users/Groups At Scheduled Time

Check this box to synchronize the FortiNAC database with either the Primary or the Secondary Directory servers based on a schedule in the Scheduler View.

Remove Users Deleted From The Directory

When checked, users that have been removed from the directory will be removed from the FortiNAC database when the scheduled resynchronization takes place.

Perform Lookup On Referral

Referrals allow administrators to set up search paths for collecting results from multiple servers. If you have configured your directory for referrals and you want to do authentication on the referred directory servers, enable this option.

Connect by Name

Automatically checked when STARTTLS is selected as the Security Protocol.

When selected, FortiNAC connects to LDAP using the Name field of the Directory Configuration, with a URL such as ldap://dc.example.com, to connect to the primary server.

When not selected, FortiNAC connects to LDAP using the Primary IP address field of the Directory Configuration, with a URL such as ldap://10.0.0.2.
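The following is an added example, not FortiNAC code, that models the Connection-tab choices described in the table above: the default port per security protocol, the Connect by Name rule for STARTTLS, the three log in formats under Domain Name, and the two-attempt fallback when no domain is configured. The class and function names are hypothetical; the ldaps:// scheme for the SSL option and the TLS hostname-check remark are standard LDAP practice and are assumptions, not statements from the page.

```python
"""Model of the FortiNAC directory Connection tab (added example, not product code)."""
import ssl
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Default ports per security protocol, exactly as listed on the page.
DEFAULT_PORTS = {"None": 389, "SSL": 636, "STARTTLS": 389}


@dataclass
class DirectoryConnection:
    """The subset of Connection-tab fields that decide how the LDAP URL is built."""
    name: str                   # Name field, e.g. "dc.example.com"
    primary_ip: str             # Primary IP field, e.g. "10.0.0.2"
    protocol: str = "None"      # Security Protocol: None, SSL or STARTTLS
    port: Optional[int] = None  # leave None to take the protocol default
    connect_by_name: bool = False

    def __post_init__(self) -> None:
        if self.protocol not in DEFAULT_PORTS:
            raise ValueError(f"unknown security protocol {self.protocol!r}")
        if self.port is None:
            self.port = DEFAULT_PORTS[self.protocol]
        # Page rule: Connect by Name is checked automatically for STARTTLS.
        if self.protocol == "STARTTLS":
            self.connect_by_name = True

    def uses_tls(self) -> bool:
        return self.protocol in ("SSL", "STARTTLS")

    def url(self) -> str:
        """Host comes from Name when Connect by Name is set, else from Primary IP."""
        host = self.name if self.connect_by_name else self.primary_ip
        # Assumption: the SSL option maps to the ldaps:// scheme; STARTTLS and
        # None both start as plain ldap:// (STARTTLS upgrades after connecting).
        scheme = "ldaps" if self.protocol == "SSL" else "ldap"
        return f"{scheme}://{host}:{self.port}"

    def tls_context(self) -> ssl.SSLContext:
        """Verifying context for SSL/STARTTLS. With check_hostname on, the
        certificate must name whatever host url() uses: connecting by IP
        therefore needs that IP in the certificate's SAN (hypothetical helper)."""
        if not self.uses_tls():
            raise ValueError("no TLS for protocol None")
        ctx = ssl.create_default_context()  # verifies chain against the system CA store
        ctx.check_hostname = True
        return ctx


def parse_login(login: str) -> Tuple[str, Optional[str]]:
    """Split a log in into (user, domain) for the formats on the page:
    user, user@domain.com and domain\\user."""
    if "@" in login:
        user, domain = login.rsplit("@", 1)
        return user, domain
    if "\\" in login:
        domain, user = login.split("\\", 1)
        return user, domain
    return login, None


def authentication_attempts(login: str,
                            configured_domain: Optional[str]) -> List[Tuple[str, Optional[str]]]:
    """Return the (user, domain) bind attempts in order.

    Domain Name configured: the log in must carry a domain, otherwise there is
    no attempt against this directory (empty list).
    Domain Name empty and the log in carries one: try user+domain first, then
    user alone, as the page describes."""
    user, domain = parse_login(login)
    if configured_domain:
        return [(user, domain)] if domain is not None else []
    if domain is not None:
        return [(user, domain), (user, None)]
    return [(user, None)]


if __name__ == "__main__":
    # Constructed sample values; nothing here contacts a real server.
    for proto in ("None", "SSL", "STARTTLS"):
        c = DirectoryConnection("dc.example.com", "10.0.0.2", protocol=proto)
        print(f"{proto:8s} connect_by_name={c.connect_by_name!s:5s} url={c.url()}")
    for login in ("user", "user@domain.com", "domain\\user"):
        print(login, "->", authentication_attempts(login, None))
```

Running it offline prints the URL each protocol choice produces and the bind attempts for each log in format; the fallback to a bare user name only appears when the Domain Name field is left empty.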

The Administrator must enter the specific connection information for the Directory server used for user authentication. The Security information required varies depending on the type of directory you are using. Be sure to enter only the data required for your directory type.

The Directories View can be accessed from System > Settings > Authentication > LDAP.

  1. Click System > Settings.
  2. Click the Authentication folder in the tree control.
  3. Click LDAP to display the Directories window.
  4. To modify a directory, select a directory in the list and click Modify.
  5. To add a directory, click Add.
  6. A list of directories found on your network is displayed. Click on the name of the directory to be added. If the directory is not listed, click Enter Manually. Directories are found based on SRV records on your corporate DNS.
  7. Use the information in the Field Definitions table above to enter connection information.
  8. Click the Connection tab and enter connection information.
  9. Click Validate Credentials to verify the connection.
  10. If FortiNAC is able to successfully connect to the Directory a Credentials Verified message is displayed in the Credential Status field.
  11. To ensure that the user data is available to FortiNAC, you must also complete the User Attributes, Group Attributes, Search Branches and Select Groups tabs. See Add/modify directory - User Attributes tab.
  12. Click Next to continue.
