Creating an LDAP profile
- Go to Phone System > LDAP > LDAP Profile and click New.
- Enter a Profile name.
- Set Server name/IP to the FQDN or IP address of the LDAP server.
- Set Port to the port that the LDAP server will use to communicate with the FortiVoice unit.
- Optionally, set enter a Fallback server name /IP and Port. Enter the fully qualified domain name (FQDN) or IP address of an alternate LDAP server that the FortiVoice unit can query if the primary LDAP server is unreachable.
The default port number varies by your selection in Use secure connection. Port 389 is typically used for non-secure connections and port 636 is typically used for SSL-secured connections.
- Set Use secure connection to None or SSL.
- Set Base DN to the distinguished name (DN) of the LDAP directory
tree within which the FortiVoice unit will search for user objects, such
as
ou=People,dc=example,dc=com
. - Set the Bind DN of an LDAP user account who has permissions to query the base DN, such as
cn=FortiVoice,dc=example,dc=com
. - Enter the Bind password of the Bind DN, if applicable.
- Under User Authentication Options, enable one of the following:
- Try Common Name with Base DN as Bind DN: Enable to form the user’s bind DN by prepending a common name to
the base DN. Also enter the name of the user objects’ common
name attribute, such as
cn
oruid
into the field. - Search User and Try Bind DN: Select to form the user’s bind DN by using the DN retrieved for that
user.
- To automatically populate the LDAP user query field, select a Schema other than User Defined.
- In Scope, select which level of depth to query.
- In Derefer, select the method to use, if any, when dereferencing attributes whose values are references.
For more information about configuring the LDAP query filter and schema required for this option, see the Configuring authentication options section in the FortiVoice Phone System Administration Guide.
- Try Common Name with Base DN as Bind DN: Enable to form the user’s bind DN by prepending a common name to
the base DN. Also enter the name of the user objects’ common
name attribute, such as
- Under Advanced Options, enter a Timeout in seconds that the FortiVoice unit will wait for query responses from the LDAP server.
- Set Protocol version to the protocol used by the LDAP server.
- To cache LDAP query results, click Enable cache.
- Set TTL to the number of minutes that the FortiVoice unit will cache query results. After the TTL has elapsed, cached results expire, and any subsequent request for that information causes the FortiVoice unit to query the LDAP server, refreshing the cache.
- Click Create or OK.
The default port number varies by your selection in Use secure connection. Port 389 is typically used for non-secure connections and port 636 is typically used for SSL-secured connections.
This field may be optional if your LDAP server does not require the FortiVoice unit to authenticate when performing queries.
If caching is enabled, but queries are not being cached, review the value entered for TTL. Setting a TTL of 0 effectively disables caching.