
Cookbook

Configuring the LDAP server

Doc ID: 502fabff-dbf1-11ea-96b9-00505692583a:766507

Create an LDAP entry for remote lookup of computers with the username attribute as dNSHostName.

To configure remote LDAP server on FortiAuthenticator:
  1. In FortiAuthenticator, go to Authentication > Remote Auth. Servers > LDAP, and click Create New.
  2. Under Create New LDAP Server, set the following:
    1. Name: Enter the server name, for example: AD_Computers.
    2. Primary server name/IP: Enter the LDAP server's hostname or IP address, for example dc01.wl-cse.net, and set Port to 636 (the LDAPS port).
    3. Base distinguished name: Enter the base distinguished name, for example: DC=wl-cse,DC=net.
    4. Bind type: Regular.
      Enter the username and password of the LDAP bind account. Lookups only need read access, so a dedicated, low-privilege bind account is sufficient.
  3. Under Query Elements, set the following:
    1. User object class: computer.
    2. Username attribute: dNSHostName.
    3. Group object class: group.
    4. Obtain group memberships from: Group attribute.
    5. Group membership attribute: memberOf.
  4. Enable Secure Connection, and set the following:
    1. Protocol: LDAPS.
    2. CA certificate: Select the CA certificate you previously configured.
  5. Click OK.
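The following is an added worked example, not Fortinet code, showing what the Query Elements above turn into on the wire: an LDAP search filter built from the User object class and Username attribute (with RFC 4515 escaping of the looked-up value, so a crafted hostname cannot rewrite the filter), a subtree search scoped to the Base distinguished name, and group resolution from the memberOf attribute. The directory entries, hostnames, and group names are constructed sample data and do not describe a real domain; the base DN and query settings mirror the steps above.

```python
"""Added example (not Fortinet's code): how FortiAuthenticator's Query Elements
map to an LDAP computer lookup against Active Directory.

The directory below is constructed sample data, not a real domain.
"""

# Query Elements exactly as configured in the steps above.
QUERY = {
    "user_object_class": "computer",
    "username_attribute": "dNSHostName",
    "group_object_class": "group",
    "group_membership_attribute": "memberOf",
}
BASE_DN = "DC=wl-cse,DC=net"

# Constructed sample directory: DN, objectClass values, and a few attributes.
DIRECTORY = [
    {"dn": "CN=WS01,OU=Workstations,DC=wl-cse,DC=net",
     "objectClass": ["top", "person", "organizationalPerson", "user", "computer"],
     "dNSHostName": "ws01.wl-cse.net",
     "memberOf": ["CN=VPN-Hosts,OU=Groups,DC=wl-cse,DC=net"]},
    {"dn": "CN=VPN-Hosts,OU=Groups,DC=wl-cse,DC=net",
     "objectClass": ["top", "group"]},
    {"dn": "CN=jdoe,OU=Users,DC=wl-cse,DC=net",          # a user, not a computer
     "objectClass": ["top", "person", "organizationalPerson", "user"],
     "sAMAccountName": "jdoe",
     "memberOf": ["CN=VPN-Hosts,OU=Groups,DC=wl-cse,DC=net"]},
    {"dn": "CN=WS99,OU=Workstations,DC=other,DC=example",  # outside the base DN
     "objectClass": ["top", "computer"],
     "dNSHostName": "ws99.other.example"},
]


def escape_filter_value(value: str) -> str:
    """RFC 4515 escaping for values placed inside a search filter.

    Without this, a hostname such as '*)(objectClass=*' would change the
    meaning of the filter instead of being matched literally.
    """
    return "".join("\\%02x" % ord(ch) if ch in "*()\\\x00" else ch for ch in value)


def build_user_filter(query: dict, value: str) -> str:
    """Filter FortiAuthenticator sends: (&(objectClass=<class>)(<attr>=<value>))."""
    return "(&(objectClass={})({}={}))".format(
        query["user_object_class"], query["username_attribute"], escape_filter_value(value))


def under_base(dn: str, base_dn: str) -> bool:
    """Subtree scope: the entry must sit below the configured Base DN (DNs are case-insensitive)."""
    return dn.lower().endswith(base_dn.lower())


def has_class(entry: dict, object_class: str) -> bool:
    return object_class.lower() in (c.lower() for c in entry["objectClass"])


def find_computer(directory: list, query: dict, base_dn: str, hostname: str):
    """Evaluate the filter from build_user_filter() over the sample directory.

    dNSHostName is a case-insensitive string in AD, so compare accordingly.
    Returns the single matching entry, or None if zero or several match.
    """
    if not hostname:
        return None
    matches = [
        e for e in directory
        if under_base(e["dn"], base_dn)
        and has_class(e, query["user_object_class"])
        and e.get(query["username_attribute"], "").lower() == hostname.lower()
    ]
    return matches[0] if len(matches) == 1 else None


def resolve_groups(directory: list, query: dict, base_dn: str, entry: dict) -> list:
    """'Obtain group memberships from: Group attribute' mode.

    Read the memberOf DNs from the computer object and keep only those that
    resolve to a real object of the configured Group object class inside the
    base DN. The returned names are the RDN values (CN=...).
    """
    groups = {e["dn"].lower() for e in directory if has_class(e, query["group_object_class"])}
    names = []
    for dn in entry.get(query["group_membership_attribute"], []):
        if dn.lower() in groups and under_base(dn, base_dn):
            names.append(dn.split(",")[0].split("=", 1)[1])
    return names


if __name__ == "__main__":
    print(build_user_filter(QUERY, "ws01.wl-cse.net"))
    print(build_user_filter(QUERY, "*)(objectClass=*"))   # injection attempt, escaped
    entry = find_computer(DIRECTORY, QUERY, BASE_DN, "WS01.wl-cse.net")
    print(entry["dn"], resolve_groups(DIRECTORY, QUERY, BASE_DN, entry))
```

Two checks worth running against the real setup once the server entry is saved: use the Test Connectivity / Test User Authentication buttons on the LDAP server page with a known computer's FQDN to confirm the dNSHostName lookup returns exactly one object, and confirm the LDAPS chain from a host that can reach the DC (for example `openssl s_client -connect dc01.wl-cse.net:636 -CAfile <ca.pem>` should report `Verify return code: 0 (ok)` for the CA you uploaded in the previous step); a mismatch there is the usual reason the secure connection fails after the plain-text test succeeds.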
