FortiVoice Cookbook

Creating an LDAP profile

  1. Go to Phone System > Profile > LDAP and click New, or edit an existing profile.
  2. Enter a Profile name.
  3. Set Server name/IP to the FQDN or IP address of the LDAP server.
  4. Set Port to the port that the LDAP server will use to communicate with the FortiVoice unit.
  5. Note that the default port number depends on whether the LDAP server uses an encrypted connection (see the next step).

  6. Set Use secure connection to None or SSL. Port 389 is typically used for non-secure connections, and port 636 is typically used for SSL-secured (LDAPS) connections.
  7. Set Base DN to the distinguished name (DN) of the LDAP directory tree within which the FortiVoice unit will search for user objects, such as ou=People,dc=example,dc=com.
  8. Set Bind DN to the DN of an LDAP user account that has permission to query the base DN, such as cn=FortiVoice,dc=example,dc=com.
  9. Note that this is only necessary if your LDAP server requires the FortiVoice unit to authenticate when performing queries.

  10. Enter the Bind password, if applicable.
  11. Under User Authentication Options, enable one of the following:
    • Try Common Name with Base DN as Bind DN: Enable to form the user’s bind DN by prepending a common name to the base DN. Also enter the name of the user objects’ common name attribute, such as cn or uid, into the field.
    • Search User and Try Bind DN: Select to form the user’s bind DN by using the DN retrieved for that user.
    • For more information about configuring the LDAP query filter and schema required for this option, see the FortiVoice Phone System Administration Guide.

  12. Under Advanced Options, enter a Timeout in seconds that the FortiVoice unit will wait for query responses from the LDAP server.
  13. Set Protocol version to the protocol used by the LDAP server.
  14. Click Enable cache to cache LDAP query results.
  15. Set TTL to the number of minutes that the FortiVoice unit will cache query results. After the TTL has elapsed, cached results expire, and any subsequent request for that information causes the FortiVoice unit to query the LDAP server, refreshing the cache.
  16. Note that if caching is enabled, but queries are not being cached, review the value entered for TTL. Setting a TTL of 0 effectively disables caching.

  17. Click Enable user password change to allow FortiVoice web portal users to change their password.
  18. Set Password schema to your LDAP server's user schema style, either OpenLDAP or Active Directory.
  19. Click Create or OK.
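
A pre-entry check of the values chosen in the steps above, as an added example that is not Fortinet's code: it flags Use secure connection set to None, a port that does not match the typical 389/636 pairing, and caching enabled with a TTL of 0, and it shows how a bind DN is formed for the Try Common Name with Base DN as Bind DN option. The dictionary keys and function names are hypothetical, and the RFC 4514 escaping is an assumption about correct DN construction, not a description of what the FortiVoice unit does internally.

```python
import re

def escape_rdn_value(value: str) -> str:
    """Escape a value for use inside a DN string (RFC 4514 special characters)."""
    body = re.sub(r'([\\",+;<>])', r"\\\1", value).replace("\x00", "\\00")
    if value[:1] in ("#", " "):                  # leading '#' or space
        body = "\\" + body
    if len(value) > 1 and value.endswith(" "):   # trailing space
        body = body[:-1] + "\\ "
    return body

def common_name_bind_dn(username: str, attr: str, base_dn: str) -> str:
    """Try Common Name with Base DN as Bind DN: <attr>=<user>,<Base DN>."""
    return f"{attr}={escape_rdn_value(username)},{base_dn}"

def review_profile(p: dict) -> list:
    """Return (code, message) findings for a planned LDAP profile."""
    findings = []
    typical = {"None": 389, "SSL": 636}          # typical ports named in the steps
    if p["secure"] == "None":
        findings.append(("cleartext",
                         "binds, including passwords, are sent without encryption"))
    if p["port"] != typical[p["secure"]]:
        findings.append(("port",
                         f"port {p['port']} is not the typical port "
                         f"{typical[p['secure']]} for secure={p['secure']}"))
    if p["cache"] and p["ttl_minutes"] == 0:
        findings.append(("ttl", "cache is enabled but a TTL of 0 effectively disables it"))
    return findings

# Constructed sample profiles (hypothetical key names).
WEAK = {"secure": "None", "port": 636, "cache": True, "ttl_minutes": 0}
GOOD = {"secure": "SSL", "port": 636, "cache": True, "ttl_minutes": 10}

if __name__ == "__main__":
    for name, prof in (("WEAK", WEAK), ("GOOD", GOOD)):
        print(name, [code for code, _ in review_profile(prof)])
    # Base DN taken from the page's example; user names are constructed.
    print(common_name_bind_dn("jdoe", "uid", "ou=People,dc=example,dc=com"))
    print(common_name_bind_dn("Doe, John", "cn", "ou=People,dc=example,dc=com"))
```

The second bind DN shows why the user name must be escaped: an unescaped comma in the common name would be read as an RDN separator and change which entry the bind targets.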
