User LDAP servers
FortiGate Version 3.0 MR4 Administration Guide
01-30004-0203-20070102 323
LDAP servers
If you have configured LDAP support and a user is required to authenticate using
an LDAP server, the FortiGate unit contacts the LDAP server for authentication.
To authenticate with the FortiGate unit, the user enters a user name and
password. The FortiGate unit sends this user name and password to the LDAP
server. If the LDAP server can authenticate the user, the user is successfully
authenticated with the FortiGate unit. If the LDAP server cannot authenticate the
user, the connection is refused by the FortiGate unit.
The FortiGate unit supports LDAP protocol functionality defined in RFC2251 for
looking up and validating user names and passwords. FortiGate LDAP supports
all LDAP servers compliant with LDAP v3. In addition, FortiGate LDAP supports
LDAP over SSL/TLS. To configure SSL/TLS authentication, refer to the FortiGate CLI Reference.
FortiGate LDAP support does not extend to proprietary functionality, such as
notification of password expiration, that is available from some LDAP servers.
FortiGate LDAP support does not supply information to the user about why
authentication failed.
Go to User > LDAP to configure an LDAP server.
Figure 207: LDAP server list
Create New  Add a new LDAP server.
Name  The name that identifies the LDAP server on the FortiGate unit.
Server Name/IP  The domain name or IP address of the LDAP server.
Port  The port used to communicate with the LDAP server.
Common Name Identifier  The common name identifier for the LDAP server. The common name identifier for most LDAP servers is cn. However, some servers use other common name identifiers such as uid.
Distinguished Name  The distinguished name used to look up entries on the LDAP server. The distinguished name reflects the hierarchy of LDAP database object classes above the common name identifier.
Delete icon  Delete the LDAP server configuration.
Edit icon  Edit the LDAP server configuration.
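The following is an added example, not code from the FortiGate guide or from Fortinet, showing how the Common Name Identifier and Distinguished Name settings above combine with the user name into the DN that an RFC 2251 simple bind carries, what that BindRequest looks like in BER on the wire, and how the result code in the server's BindResponse is read (the code the FortiGate unit acts on but does not report to the user). The CN identifier, base DN, user names and the sample response bytes are constructed for illustration; the value escaping follows RFC 2253 so that a user name containing DN metacharacters cannot change the structure of the DN.

```python
# Added example: LDAP v3 simple bind as described in the text (RFC 2251).
# All names and sample bytes below are constructed for illustration.

def escape_dn_value(value: str) -> str:
    """RFC 2253 escaping for an attribute value placed inside a DN.
    Without this a user name such as 'bob,ou=Admins' would alter the DN."""
    out = []
    for i, ch in enumerate(value):
        special = ch in ',+"\\<>;='
        edge = (ch == '#' and i == 0) or (ch == ' ' and i in (0, len(value) - 1))
        out.append('\\' + ch if special or edge else ch)
    return ''.join(out)

def build_bind_dn(cn_identifier: str, username: str, base_dn: str) -> str:
    """Combine CN identifier (cn or uid), user name and base DN, e.g.
    cn=alice,ou=People,dc=example,dc=com (constructed values)."""
    return f"{cn_identifier}={escape_dn_value(username)},{base_dn}"

def _ber_len(n: int) -> bytes:
    """BER length: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def _tlv(tag: int, payload: bytes) -> bytes:
    return bytes([tag]) + _ber_len(len(payload)) + payload

def bind_request(message_id: int, dn: str, password: str) -> bytes:
    """LDAPMessage { messageID, BindRequest { version 3, name, simple } }.
    message_id is kept below 128 so it fits a one-byte INTEGER."""
    assert 0 <= message_id < 128
    bind = (_tlv(0x02, bytes([3]))            # version INTEGER 3
            + _tlv(0x04, dn.encode())          # name LDAPDN
            + _tlv(0x80, password.encode()))   # authentication [0] simple
    return _tlv(0x30, _tlv(0x02, bytes([message_id])) + _tlv(0x60, bind))

def bind_result_code(response: bytes) -> int:
    """Extract resultCode from a BindResponse (0 = success,
    49 = invalidCredentials). Assumes short-form lengths, which is
    sufficient for typical bind responses."""
    assert response[0] == 0x30 and response[2] == 0x02
    pos = 4 + response[3]                 # skip messageID INTEGER
    assert response[pos] == 0x61          # [APPLICATION 1] BindResponse
    pos += 2                              # tag + short length
    assert response[pos] == 0x0a          # ENUMERATED resultCode
    return response[pos + 2]

# Constructed sample: a BindResponse carrying resultCode 49 (invalidCredentials)
SAMPLE_FAILED_BIND = b"\x30\x0c\x02\x01\x01\x61\x07\x0a\x01\x31\x04\x00\x04\x00"
```

Sending `bind_request(...)` over a socket to port 389 (or over TLS) and passing the reply to `bind_result_code` reproduces the accept/refuse decision the text describes.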