Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • User Guide

    Home FortiPortal 5.3.4 User Guide
    5.3.4
    7.4.1
    7.4.0
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.0.10
    7.0.9
    7.0.8
    7.0.7
    7.0.6
    7.0.5
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.0.15
    6.0.14
    6.0.13
    6.0.12
    6.0.11
    6.0.10
    6.0.9
    6.0.8
    6.0.7
    6.0.6
    6.0.5
    6.0.4
    6.0.3
    6.0.2
    6.0.1
    6.0.0
    5.3.8
    5.3.7
    5.3.6
    5.3.5
    5.3.4
    5.3.3
    5.3.2
    5.3.0
    5.2.0
    4.1.0

    LDAP authentication

    LDAP authentication

    You can add, update, and delete LDAP authentication settings.

    Add LDAP authentication settings

    1. Select ldap from the Auth Server Settings tree.
    2. Right-click in the LDAP authentication table and select Create New.
    3. Enter values in the relevant fields. See LDAP authentication fields.
    4. Select Save.

    Update LDAP authentication settings

    1. Select ldap from the Auth Server Settings tree.
    2. Right-click an LDAP server and select Edit.
    3. Update the values that you want to change.
    4. Select Save.

    Delete LDAP authentication settings

    1. Select ldap from the Auth Server Settings tree.
    2. Right-click an LDAP server and select Delete.
    3. Select Yes in the confirmation dialog box to delete the selected server.

    LDAP authentication fields

    The Create New user-ldap and Edit user-ldap forms contain the following fields:

    Settings

    Guidelines

    Name

    Required. The LDAP server name.

    Account Key Filter

    Account key filter, using the user principal name (UPN) as the search filter.

    Account Key Processing

    Account key processing operation, either to keep or to strip the domain string of the UPN in the token:

    same—Same as the UPN.

    strip—Strip the domain string from UPN.

    CA-Cert

    CA certificate name.

    CN ID

    Common name identifier for the LDAP server. The common name identifier for most LDAP servers is cn.

    Distinguished Name

    Required. Distinguished name used to look up entries on the LDAP server.

    Group Filter

    The filter used for group matching.

    Group Member Check

    Group member checking methods:

    user-attr—User attribute checking.

    group-object—Group object checking.

    posix-group-object—POSIX group object checking.

    Group Object Filter

    The filter used for group searching.

    Group Search Base

    The search base used for group searching.

    Member Attribute

    The name of the attribute from which to get group membership.

    Password

    The password for initial binding.

    Enable Password Expiry Warning

    Enable or disable warnings before the password expires.

    Password Renewal

    Enable or disable online password renewal.

    Port

    The port to be used for communication with the LDAP server. The default is 389.

    Secondary Server

    The CN domain name or IP address of the secondary LDAP server.

    Secure

    The security protocol to be used for authentication:

    starttls—Use StartTLS.

    disable—No SSL.

    ldaps—Use LDAPS.

    Server

    Required. The CN domain name or IP address of the LDAP server.

    Server Identity Check

    Enable or disable whether the server identity is checked.

    IP

    The source IPv4 address for communications to LDAP server.

    SSL_MIN_Protocol Version

    The minimum supported protocol version for SSL/TLS connections.

    SSLv3—SSLv3.

    default—Follow system global setting.

    TLSv1—TLSv1.

    TLSv1-2—TLSv1.2.
    TLSv1-1—TLSv1.1.

    Tertiary Server

    The CN domain name or IP address of the tertiary LDAP server.

    Type

    Authentication type for LDAP searches:

    anonymous—Bind using anonymous user search.

    simple—Simple password authentication without search.

    regular—Bind using user name and password and then search.

    Username

    User name (full DN) for initial binding.
    Previous
    Next

    LDAP authentication

    LDAP authentication

    You can add, update, and delete LDAP authentication settings.

    Add LDAP authentication settings

    1. Select ldap from the Auth Server Settings tree.
    2. Right-click in the LDAP authentication table and select Create New.
    3. Enter values in the relevant fields. See LDAP authentication fields.
    4. Select Save.

    Update LDAP authentication settings

    1. Select ldap from the Auth Server Settings tree.
    2. Right-click an LDAP server and select Edit.
    3. Update the values that you want to change.
    4. Select Save.

    Delete LDAP authentication settings

    1. Select ldap from the Auth Server Settings tree.
    2. Right-click an LDAP server and select Delete.
    3. Select Yes in the confirmation dialog box to delete the selected server.

    LDAP authentication fields

    The Create New user-ldap and Edit user-ldap forms contain the following fields:

    Settings

    Guidelines

    Name

    Required. The LDAP server name.

    Account Key Filter

    Account key filter, using the user principal name (UPN) as the search filter.

    Account Key Processing

    Account key processing operation, either to keep or to strip the domain string of the UPN in the token:

    same—Same as the UPN.

    strip—Strip the domain string from UPN.

    CA-Cert

    CA certificate name.

    CN ID

    Common name identifier for the LDAP server. The common name identifier for most LDAP servers is cn.

    Distinguished Name

    Required. Distinguished name used to look up entries on the LDAP server.

    Group Filter

    The filter used for group matching.

    Group Member Check

    Group member checking methods:

    user-attr—User attribute checking.

    group-object—Group object checking.

    posix-group-object—POSIX group object checking.

    Group Object Filter

    The filter used for group searching.

    Group Search Base

    The search base used for group searching.

    Member Attribute

    The name of the attribute from which to get group membership.

    Password

    The password for initial binding.

    Enable Password Expiry Warning

    Enable or disable warnings before the password expires.

    Password Renewal

    Enable or disable online password renewal.

    Port

    The port to be used for communication with the LDAP server. The default is 389.

    Secondary Server

    The CN domain name or IP address of the secondary LDAP server.

    Secure

    The security protocol to be used for authentication:

    starttls—Use StartTLS.

    disable—No SSL.

    ldaps—Use LDAPS.

    Server

    Required. The CN domain name or IP address of the LDAP server.

    Server Identity Check

    Enable or disable whether the server identity is checked.

    IP

    The source IPv4 address for communications to LDAP server.

    SSL_MIN_Protocol Version

    The minimum supported protocol version for SSL/TLS connections.

    SSLv3—SSLv3.

    default—Follow system global setting.

    TLSv1—TLSv1.

    TLSv1-2—TLSv1.2.
    TLSv1-1—TLSv1.1.

    Tertiary Server

    The CN domain name or IP address of the tertiary LDAP server.

    Type

    Authentication type for LDAP searches:

    anonymous—Bind using anonymous user search.

    simple—Simple password authentication without search.

    regular—Bind using user name and password and then search.

    Username

    User name (full DN) for initial binding.
    Previous
    Next