Fortinet black logo

Administration Guide

LDAP servers

LDAP servers

Lightweight Directory Access Protocol (LDAP) is an Internet protocol used to maintain authentication data that may include departments, people, groups of people, passwords, email addresses, and printers. LDAP consists of a data-representation scheme, a set of defined operations, and a request/response network.

If you have configured LDAP support and an administrator is required to authenticate using an LDAP server, the FortiAnalyzer unit sends the administrator’s credentials to the LDAP server for authentication. If the LDAP server can authenticate the administrator, they are successfully authenticated with the FortiAnalyzer unit. If the LDAP server cannot authenticate the administrator, the FortiAnalyzer unit refuses the connection.

To use an LDAP server to authenticate administrators, you must configure the server before configuring the administrator accounts that will use it.

To add an LDAP server:
  1. Go to System Settings > Admin > Remote Authentication Server.
  2. Select Create New > LDAP Server from the toolbar. The New LDAP Server pane opens.

  3. Configure the following settings, and then click OK to add the LDAP server.

    Name

    Enter a name to identify the LDAP server.

    Server Name/IP

    Enter the IP address or fully qualified domain name of the LDAP server.

    Port

    Enter the port for LDAP traffic. The default port is 389.

    Common Name Identifier

    The common name identifier for the LDAP server. Most LDAP servers use cn. However, some servers use other common name identifiers such as UID.

    Distinguished Name

    The distinguished name is used to look up entries on the LDAP server.

    The distinguished name reflects the hierarchy of LDAP database object classes above the common name identifier. Clicking the query distinguished name icon will query the LDAP server for the name and open the LDAP Distinguished Name Query window to display the results.

    Bind Type

    Select the type of binding for LDAP authentication: Simple, Anonymous, or Regular.

    User DN

    When the Bind Type is set to Regular, enter the user DN.

    Password

    When the Bind Type is set to Regular, enter the password.

    Secure Connection

    Select to use a secure LDAP server connection for authentication.

    Protocol

    When Secure Connection is enabled, select either LDAPS or STARTTLS.

    Certificate

    When Secure Connection is enabled, select the certificate from the dropdown list.

    Administrative Domain

    Choose the ADOMs this server will be linked to: All ADOMs, or Specify for specific ADOMs.

LDAP servers

Lightweight Directory Access Protocol (LDAP) is an Internet protocol used to maintain authentication data that may include departments, people, groups of people, passwords, email addresses, and printers. LDAP consists of a data-representation scheme, a set of defined operations, and a request/response network.

If you have configured LDAP support and an administrator is required to authenticate using an LDAP server, the FortiAnalyzer unit sends the administrator’s credentials to the LDAP server for authentication. If the LDAP server can authenticate the administrator, they are successfully authenticated with the FortiAnalyzer unit. If the LDAP server cannot authenticate the administrator, the FortiAnalyzer unit refuses the connection.

To use an LDAP server to authenticate administrators, you must configure the server before configuring the administrator accounts that will use it.

To add an LDAP server:
  1. Go to System Settings > Admin > Remote Authentication Server.
  2. Select Create New > LDAP Server from the toolbar. The New LDAP Server pane opens.

  3. Configure the following settings, and then click OK to add the LDAP server.

    Name

    Enter a name to identify the LDAP server.

    Server Name/IP

    Enter the IP address or fully qualified domain name of the LDAP server.

    Port

    Enter the port for LDAP traffic. The default port is 389.

    Common Name Identifier

    The common name identifier for the LDAP server. Most LDAP servers use cn. However, some servers use other common name identifiers such as UID.

    Distinguished Name

    The distinguished name is used to look up entries on the LDAP server.

    The distinguished name reflects the hierarchy of LDAP database object classes above the common name identifier. Clicking the query distinguished name icon will query the LDAP server for the name and open the LDAP Distinguished Name Query window to display the results.

    Bind Type

    Select the type of binding for LDAP authentication: Simple, Anonymous, or Regular.

    User DN

    When the Bind Type is set to Regular, enter the user DN.

    Password

    When the Bind Type is set to Regular, enter the password.

    Secure Connection

    Select to use a secure LDAP server connection for authentication.

    Protocol

    When Secure Connection is enabled, select either LDAPS or STARTTLS.

    Certificate

    When Secure Connection is enabled, select the certificate from the dropdown list.

    Administrative Domain

    Choose the ADOMs this server will be linked to: All ADOMs, or Specify for specific ADOMs.