User management Page 63 FortiRecorder 2.4.2 Administration Guide
LDAP user query
Enter an LDAP query filter that selects a set of user objects from the
LDAP directory.
The query string filters the result set. Base it on attributes that are
common to all user objects and that also exclude non-user objects.
For example, if user objects in your directory have two distinguishing
characteristics, their objectClass and mail attributes, the query
filter might be:
(& (objectClass=inetOrgPerson) (mail=$m))
where $m is the FortiRecorder variable for a user's email address.
This option is preconfigured and read-only if you have selected from
Schema any schema style other than User Defined.
For details on query syntax, refer to any standard LDAP query filter
reference manual.
Scope
Select which level of depth to query, starting from Base DN.
• One level — Query only the one level directly below the Base DN in
the LDAP directory tree.
• Subtree — Query recursively all levels below the Base DN in the
LDAP directory tree.
Derefer
Select when, if ever, to dereference attributes whose values are
references.
• Never — Do not dereference.
• Always — Always dereference.
• Search — Dereference only when searching.
• Find — Dereference only when finding the base search object.
User Authentication Options
Select how, if the query requires authentication, the FortiRecorder
appliance will form the bind DN. The default setting is the third option:
Search user and try bind DN.
• Try UPN or email address as bind DN — Select to form the user’s
bind DN by prepending the user name portion of the email address
($u) to the User Principal Name (UPN, such as example.com).
By default, the FortiRecorder appliance will use the mail domain as
the UPN. If you want to use a UPN other than the mail domain,
enter that UPN in the field named Alternative UPN suffix. This can
be useful if users authenticate with a domain other than the mail
server’s principal domain name.
• Try common name with base DN as bind DN — Select to form
the user’s bind DN by prepending a common name to the base DN.
Also enter the name of the user objects’ common name attribute,
such as cn or uid, into the field.
• Search user and try bind DN — Select to form the user’s bind DN
by using the DN retrieved for that user by User Query Options.
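
The $m filter expansion and the three bind DN options above, sketched as an added Python example (not FortiRecorder code). Function names, sample addresses and DNs are constructed. Joining $u to the UPN suffix with "@", using $u as the common name value, escaping substituted values per RFC 4515 and RFC 4514, and refusing anything but a single search match are assumptions of this example, not behavior the guide documents.

```python
# Added illustration, not FortiRecorder code. Names and sample values are constructed.
FILTER_TEMPLATE = "(& (objectClass=inetOrgPerson) (mail=$m))"  # filter from the guide

def escape_filter_value(value):
    """RFC 4515: hex-escape characters that have meaning inside a filter."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def escape_dn_value(value):
    """RFC 4514: escape characters that have meaning inside a DN."""
    out = []
    for i, c in enumerate(value):
        edge = (i == 0 and c in " #") or (i == len(value) - 1 and c == " ")
        if c == "\x00":
            out.append("\\00")
        else:
            out.append("\\" + c if c in ',+"\\<>;' or edge else c)
    return "".join(out)

def split_email(email):
    """Return ($u, mail domain); reject input that is not user@domain."""
    user, at, domain = email.rpartition("@")
    if not (user and at and domain):
        raise ValueError("expected user@domain")
    return user, domain

def expand_user_query(email, template=FILTER_TEMPLATE):
    """LDAP user query: substitute $m, escaped, into the filter."""
    return template.replace("$m", escape_filter_value(email))

def bind_dn_upn(email, alt_upn_suffix=""):
    """Try UPN or email address as bind DN (assumed form: $u@suffix)."""
    user, domain = split_email(email)
    return "%s@%s" % (user, alt_upn_suffix or domain)

def bind_dn_common_name(email, base_dn, name_attr="cn"):
    """Try common name with base DN as bind DN (assumes the value is $u)."""
    user, _ = split_email(email)
    return "%s=%s,%s" % (name_attr, escape_dn_value(user), base_dn)

def bind_dn_from_search(result_dns):
    """Search user and try bind DN: use the DN the query returned."""
    if len(result_dns) != 1:  # assumption: an ambiguous or empty match is refused
        raise LookupError("user query must match exactly one entry")
    return result_dns[0]
```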
Setting name Description