Creating an LDAP profile
- Go to Phone System > Profile > LDAP and click New, or edit an existing profile.
- Enter a Profile name.
- Set Server name/IP to the FQDN or IP address of the LDAP server.
- Set Port to the port that the LDAP server will use to communicate with the FortiVoice unit.
- Set Use secure connection to None or SSL. Port 389 is typically used for non-secure connections, and port 636 is typically used for SSL-secured (LDAPS) connections.
- Set Base DN to the distinguished name (DN) of the LDAP directory tree within which the FortiVoice unit will search for user objects, such as ou=People,dc=example,dc=com.
- Set Bind DN to the DN of an LDAP user account that has permission to query the base DN, such as cn=FortiVoice,dc=example,dc=com.
- Enter the Bind password, if applicable.
- Under User Authentication Options, enable one of the following:
  - Try Common Name with Base DN as Bind DN: Enable to form the user’s bind DN by prepending a common name to the base DN. Also enter the name of the user objects’ common name attribute, such as cn or uid, into the field.
  - Search User and Try Bind DN: Select to form the user’s bind DN by using the DN retrieved for that user.
  For more information about configuring the LDAP query filter and schema required for this option, see the FortiVoice Phone System Administration Guide.
- Under Advanced Options, enter a Timeout in seconds that the FortiVoice unit will wait for query responses from the LDAP server.
- Set Protocol version to the protocol used by the LDAP server.
- Click Enable cache to cache LDAP query results.
- Set TTL to the number of minutes that the FortiVoice unit will cache query results. After the TTL has elapsed, cached results expire, and any subsequent request for that information causes the FortiVoice unit to query the LDAP server, refreshing the cache.
- Click Enable user password change to allow users of the FortiVoice user portal to change their password.
- Set Password schema to your LDAP server's user schema style, either OpenLDAP or Active Directory.
- Click Create or OK.
Note on Port: the default port number depends on whether the LDAP server uses an encrypted connection (see the Use secure connection step).
Note on the Bind DN and Bind password: they are only necessary if your LDAP server requires the FortiVoice unit to authenticate when performing queries.
Note on TTL: if caching is enabled but queries are not being cached, review the value entered for TTL. Setting a TTL of 0 effectively disables caching.
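The two User Authentication Options above differ in how the user's bind DN is derived. The following sketch is an added illustration, not FortiVoice code: it shows both derivations with RFC 4514/4515 escaping of the login name and a guard against empty-password binds. The attribute name uid, the function names, the search filter form and the in-memory directory are assumptions constructed for the example.

```python
# Added illustration (not FortiVoice code): deriving the DN for the user's bind.
# DIRECTORY is constructed sample data; the attribute name "uid" is an assumption.
BASE_DN = "ou=People,dc=example,dc=com"
DIRECTORY = {
    "uid=asmith,ou=People,dc=example,dc=com": {"uid": "asmith"},
    "uid=jdoe,ou=Sales,ou=People,dc=example,dc=com": {"uid": "jdoe"},
}

def escape_dn_value(value):
    """Escape an attribute value for use inside a DN (RFC 4514)."""
    out = []
    for i, ch in enumerate(value):
        edge = (i == 0 and ch in " #") or (i == len(value) - 1 and ch == " ")
        if ch == "\x00":
            out.append("\\00")
        elif edge or ch in '"+,;<>\\':
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)

def escape_filter_value(value):
    """Escape an assertion value for a search filter (RFC 4515)."""
    return "".join(f"\\{ord(c):02x}" if c in "\\*()\x00" else c for c in value)

def common_name_bind_dn(login, attr="uid", base_dn=BASE_DN):
    """Option 1: prepend <attr>=<login> to the base DN."""
    return f"{attr}={escape_dn_value(login)},{base_dn}"

def search_then_bind_dn(login, attr="uid", base_dn=BASE_DN, directory=DIRECTORY):
    """Option 2: look the user up under the base DN and use the entry's own DN."""
    query = f"({attr}={escape_filter_value(login)})"  # filter a client would send
    hits = [dn for dn, entry in directory.items()
            if dn.lower().endswith("," + base_dn.lower())
            and entry.get(attr, "").lower() == login.lower()]
    # Bind only on exactly one match; zero or several is a failed login.
    return query, (hits[0] if len(hits) == 1 else None)

def may_attempt_bind(bind_dn, password):
    """Refuse binds a server could treat as anonymous/unauthenticated (RFC 4513)."""
    return bool(bind_dn) and bool(password)
```

In the sample data, jdoe sits in a nested OU, so the DN built by prepending to the base DN does not exist, while the search-based option returns the entry's actual DN.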