Configuring an LDAP server
This section provides steps on how to configure an LDAP server in a FortiProxy unit and how to map LDAP users in a policy.
To configure the FortiProxy unit for LDAP authentication using the GUI:
- Go to User & Device > LDAP Servers and select Create New.
- In the Name field, enter a name for the LDAP server.
- In the Server IP/Name field, enter the server’s FQDN or IP address.
- If necessary, change the server port number. The default is port 389.
- Enter the Common Name Identifier (20 characters maximum). cn is the default, and most users will use SAMAccountName. cn is the common name, which is a display name, and SAMAccountName is the logon name (in reference to the Windows LDAP server).
- Next to the Distinguished Name field, select Browse and select the main domain (you can select the domain after the user name and password are entered in steps 8 and 9).
- For the Bind Type buttons, select Regular.
- In the Username field, enter the LDAP administrator’s name.
- In the Password field, enter the LDAP administrator’s password.
- Select OK.
To import users for the LDAP server using the GUI:
- Go to User & Device > User Definition and select Create New.
- On the User Type step, select Remote LDAP User and then select Next.
- On the LDAP Server step, select the LDAP server name and then select Next.
- On the Remote Users step, right-click on the user name and select Add Selected for each remote user that you want to add.
- Select Submit.
After you import the users and user groups, use them in a policy.
NOTE: LDAP authentication supports the HTTP, HTTPS, FTP, and Telnet protocols only.