Now you can finish the LDAPS configuration using client authentication through certificate.
- Go to Authentication > Remote Auth. Servers > LDAP > Create New.
- Enter a name.
- For Primary server name/IP enter ldap.google.com, and set the port to 636.
- Enter the base distinguished name.
- For the Username attribute, enter uid.
- Select the option to obtain group memberships from Group attribute.
- Enable Secure Connection and select either LDAPS or STARTTLS as the Protocol, and select the Google CA certificate.
- Enable Use Client Certificate for TLS Authentication, and select the LDAP certificate.
- Select OK.
If required, you can now import users by clicking the Go button next to the Import users dropdown. This is not a required step, but can be done in cases where you want to include additional information to their accounts or assign FortiTokens.