Fortinet black logo

FortiVoice Cookbook

Creating an LDAP profile

Copy Link
Copy Doc ID 825cd852-7d80-11ed-8e6d-fa163e15d75b:948675
Download PDF

Creating an LDAP profile

  1. Go to Phone System > LDAP > LDAP Profile and click New.
  2. Enter a Profile name.
  3. Set Server name/IP to the FQDN or IP address of the LDAP server.
  4. Set Port to the port that the LDAP server will use to communicate with the FortiVoice unit.
  5. The default port number varies by your selection in Use secure connection. Port 389 is typically used for non-secure connections and port 636 is typically used for SSL-secured connections.

  6. Optionally, set enter a Fallback server name /IP and Port. Enter the fully qualified domain name (FQDN) or IP address of an alternate LDAP server that the FortiVoice unit can query if the primary LDAP server is unreachable.

    The default port number varies by your selection in Use secure connection. Port 389 is typically used for non-secure connections and port 636 is typically used for SSL-secured connections.

  7. Set Use secure connection to None or SSL.
  8. Set Base DN to the distinguished name (DN) of the LDAP directory tree within which the FortiVoice unit will search for user objects, such as ou=People,dc=example,dc=com.
  9. Set the Bind DN of an LDAP user account who has permissions to query the base DN, such as cn=FortiVoice,dc=example,dc=com.
  10. This field may be optional if your LDAP server does not require the FortiVoice unit to authenticate when performing queries.

  11. Enter the Bind password of the Bind DN, if applicable.
  12. Under User Authentication Options, enable one of the following:
    • Try Common Name with Base DN as Bind DN: Enable to form the user’s bind DN by prepending a common name to the base DN. Also enter the name of the user objects’ common name attribute, such as cn or uid into the field.
    • Search User and Try Bind DN: Select to form the user’s bind DN by using the DN retrieved for that user.
      • To automatically populate the LDAP user query field, select a Schema other than User Defined.
      • In Scope, select which level of depth to query.
      • In Derefer, select the method to use, if any, when dereferencing attributes whose values are references.
    • For more information about configuring the LDAP query filter and schema required for this option, see the Configuring authentication options section in the FortiVoice Phone System Administration Guide.

  13. Under Advanced Options, enter a Timeout in seconds that the FortiVoice unit will wait for query responses from the LDAP server.
  14. Set Protocol version to the protocol used by the LDAP server.
  15. To cache LDAP query results, click Enable cache.
  16. Set TTL to the number of minutes that the FortiVoice unit will cache query results. After the TTL has elapsed, cached results expire, and any subsequent request for that information causes the FortiVoice unit to query the LDAP server, refreshing the cache.
  17. If caching is enabled, but queries are not being cached, review the value entered for TTL. Setting a TTL of 0 effectively disables caching.

  18. Click Create or OK.

Creating an LDAP profile

  1. Go to Phone System > LDAP > LDAP Profile and click New.
  2. Enter a Profile name.
  3. Set Server name/IP to the FQDN or IP address of the LDAP server.
  4. Set Port to the port that the LDAP server will use to communicate with the FortiVoice unit.
  5. The default port number varies by your selection in Use secure connection. Port 389 is typically used for non-secure connections and port 636 is typically used for SSL-secured connections.

  6. Optionally, set enter a Fallback server name /IP and Port. Enter the fully qualified domain name (FQDN) or IP address of an alternate LDAP server that the FortiVoice unit can query if the primary LDAP server is unreachable.

    The default port number varies by your selection in Use secure connection. Port 389 is typically used for non-secure connections and port 636 is typically used for SSL-secured connections.

  7. Set Use secure connection to None or SSL.
  8. Set Base DN to the distinguished name (DN) of the LDAP directory tree within which the FortiVoice unit will search for user objects, such as ou=People,dc=example,dc=com.
  9. Set the Bind DN of an LDAP user account who has permissions to query the base DN, such as cn=FortiVoice,dc=example,dc=com.
  10. This field may be optional if your LDAP server does not require the FortiVoice unit to authenticate when performing queries.

  11. Enter the Bind password of the Bind DN, if applicable.
  12. Under User Authentication Options, enable one of the following:
    • Try Common Name with Base DN as Bind DN: Enable to form the user’s bind DN by prepending a common name to the base DN. Also enter the name of the user objects’ common name attribute, such as cn or uid into the field.
    • Search User and Try Bind DN: Select to form the user’s bind DN by using the DN retrieved for that user.
      • To automatically populate the LDAP user query field, select a Schema other than User Defined.
      • In Scope, select which level of depth to query.
      • In Derefer, select the method to use, if any, when dereferencing attributes whose values are references.
    • For more information about configuring the LDAP query filter and schema required for this option, see the Configuring authentication options section in the FortiVoice Phone System Administration Guide.

  13. Under Advanced Options, enter a Timeout in seconds that the FortiVoice unit will wait for query responses from the LDAP server.
  14. Set Protocol version to the protocol used by the LDAP server.
  15. To cache LDAP query results, click Enable cache.
  16. Set TTL to the number of minutes that the FortiVoice unit will cache query results. After the TTL has elapsed, cached results expire, and any subsequent request for that information causes the FortiVoice unit to query the LDAP server, refreshing the cache.
  17. If caching is enabled, but queries are not being cached, review the value entered for TTL. Setting a TTL of 0 effectively disables caching.

  18. Click Create or OK.