Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • FortiVoice Cookbook

    Home FortiVoice 6.4.2 FortiVoice Cookbook
    6.4.2
    7.0.5
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.4.10
    6.4.9
    6.4.8
    6.4.7
    6.4.6
    6.4.5
    6.4.4
    6.4.3
    6.4.2
    6.4.1
    6.4.0
    6.0.12
    6.0.11
    6.0.10
    6.0.9
    6.0.8
    6.0.7
    6.0.6
    6.0.5
    6.0.4

    Creating an LDAP profile

    Creating an LDAP profile

    1. Go to Phone System > LDAP > LDAP Profile and click New.
    2. Enter a Profile name.
    3. Set Server name/IP to the FQDN or IP address of the LDAP server.
    4. Set Port to the port that the LDAP server will use to communicate with the FortiVoice unit.

      5. The default port number varies by your selection in Use secure connection. Port 389 is typically used for non-secure connections and port 636 is typically used for SSL-secured connections.

    5. Optionally, set enter a Fallback server name /IP and Port. Enter the fully qualified domain name (FQDN) or IP address of an alternate LDAP server that the FortiVoice unit can query if the primary LDAP server is unreachable.

      The default port number varies by your selection in Use secure connection. Port 389 is typically used for non-secure connections and port 636 is typically used for SSL-secured connections.

    6. Set Use secure connection to None or SSL.
    7. Set Base DN to the distinguished name (DN) of the LDAP directory tree within which the FortiVoice unit will search for user objects, such as ou=People,dc=example,dc=com.
    8. Set the Bind DN of an LDAP user account who has permissions to query the base DN, such as cn=FortiVoice,dc=example,dc=com.

      9. This field may be optional if your LDAP server does not require the FortiVoice unit to authenticate when performing queries.

    9. Enter the Bind password of the Bind DN, if applicable.
    10. Under User Authentication Options, enable one of the following:
      • Try Common Name with Base DN as Bind DN: Enable to form the user’s bind DN by prepending a common name to the base DN. Also enter the name of the user objects’ common name attribute, such as cn or uid into the field.
      • Search User and Try Bind DN: Select to form the user’s bind DN by using the DN retrieved for that user.
        • To automatically populate the LDAP user query field, select a Schema other than User Defined.
        • In Scope, select which level of depth to query.
        • In Derefer, select the method to use, if any, when dereferencing attributes whose values are references.

        • For more information about configuring the LDAP query filter and schema required for this option, see the Configuring authentication options section in the FortiVoice Phone System Administration Guide.

    11. Under Advanced Options, enter a Timeout in seconds that the FortiVoice unit will wait for query responses from the LDAP server.
    12. Set Protocol version to the protocol used by the LDAP server.
    13. To cache LDAP query results, click Enable cache.
    14. Set TTL to the number of minutes that the FortiVoice unit will cache query results. After the TTL has elapsed, cached results expire, and any subsequent request for that information causes the FortiVoice unit to query the LDAP server, refreshing the cache.

      15. If caching is enabled, but queries are not being cached, review the value entered for TTL. Setting a TTL of 0 effectively disables caching.

    15. Click Create or OK.

    Previous
    Next

    Creating an LDAP profile

    Creating an LDAP profile

    1. Go to Phone System > LDAP > LDAP Profile and click New.
    2. Enter a Profile name.
    3. Set Server name/IP to the FQDN or IP address of the LDAP server.
    4. Set Port to the port that the LDAP server will use to communicate with the FortiVoice unit.

      5. The default port number varies by your selection in Use secure connection. Port 389 is typically used for non-secure connections and port 636 is typically used for SSL-secured connections.

    5. Optionally, set enter a Fallback server name /IP and Port. Enter the fully qualified domain name (FQDN) or IP address of an alternate LDAP server that the FortiVoice unit can query if the primary LDAP server is unreachable.

      The default port number varies by your selection in Use secure connection. Port 389 is typically used for non-secure connections and port 636 is typically used for SSL-secured connections.

    6. Set Use secure connection to None or SSL.
    7. Set Base DN to the distinguished name (DN) of the LDAP directory tree within which the FortiVoice unit will search for user objects, such as ou=People,dc=example,dc=com.
    8. Set the Bind DN of an LDAP user account who has permissions to query the base DN, such as cn=FortiVoice,dc=example,dc=com.

      9. This field may be optional if your LDAP server does not require the FortiVoice unit to authenticate when performing queries.

    9. Enter the Bind password of the Bind DN, if applicable.
    10. Under User Authentication Options, enable one of the following:
      • Try Common Name with Base DN as Bind DN: Enable to form the user’s bind DN by prepending a common name to the base DN. Also enter the name of the user objects’ common name attribute, such as cn or uid into the field.
      • Search User and Try Bind DN: Select to form the user’s bind DN by using the DN retrieved for that user.
        • To automatically populate the LDAP user query field, select a Schema other than User Defined.
        • In Scope, select which level of depth to query.
        • In Derefer, select the method to use, if any, when dereferencing attributes whose values are references.

        • For more information about configuring the LDAP query filter and schema required for this option, see the Configuring authentication options section in the FortiVoice Phone System Administration Guide.

    11. Under Advanced Options, enter a Timeout in seconds that the FortiVoice unit will wait for query responses from the LDAP server.
    12. Set Protocol version to the protocol used by the LDAP server.
    13. To cache LDAP query results, click Enable cache.
    14. Set TTL to the number of minutes that the FortiVoice unit will cache query results. After the TTL has elapsed, cached results expire, and any subsequent request for that information causes the FortiVoice unit to query the LDAP server, refreshing the cache.

      15. If caching is enabled, but queries are not being cached, review the value entered for TTL. Setting a TTL of 0 effectively disables caching.

    15. Click Create or OK.

    Previous
    Next