User management Page 60 FortiRecorder 2.4.2 Administration Guide
4. Click Create.
The account should now be able to log in.
Configuring LDAP authentication
FortiRecorder supports LDAP user authentication. You will use the LDAP authentication profiles
when you add user accounts.
To configure an LDAP query
1. Go to System > Authentication > LDAP.
2. Click New.
A dialog appears.
Subtype
ID
Type the subtype ID for account permissions as it is defined on your
RADIUS server. On many RADIUS servers, Fortinet’s default subtype
ID for access profiles is 6.
The subtype ID is an ID for the user type (permissions) attribute. It
should be, but is not required to be, present in Access-Accept reply
packets from your RADIUS server to FortiRecorder.
Packets from your RADIUS server should use this attribute’s value to
refer to the name of a Type (e.g. Administrator) on FortiRecorder. If the
packet does not have this attribute-value pair, FortiRecorder will use
whichever permissions you defined locally for the account in Type. If
the packet does not contain the attribute-value pair and you have not
configured Type, when the person attempts to authenticate, even if
successfully authenticated, authorization will be null, and he or she will
receive a “permission denied” error message:
you do not have rights to view this page
The default value is 0.
LDAP profile Select an LDAP authentication profile that defines the connection
settings. See “To configure an LDAP query”.
Caution: Secure your authentication server and, if possible, all query
traffic to it. Compromise of the authentication server could allow
attackers to gain administrative access to your FortiRecorder
appliance.
Theme Select this administrator account’s preference for the initial web UI
color scheme or click Use Current to choose the theme currently in
effect for your own web UI session.
The administrator may switch the theme at any time after he or she
logs in by clicking Next Theme in the top right corner.
Setting name Description
To Next Page
Loading...