
Administration Guide

LDAP Servers


The FortiSandbox system supports remote authentication of administrators using LDAP servers. To use this feature, you must configure the appropriate server entries in the FortiSandbox unit for each authentication server in your network.

If you have configured LDAP support and require a user to authenticate using an LDAP server, the FortiSandbox unit contacts the LDAP server for authentication. To authenticate with the FortiSandbox unit, the user enters a user name and password. The FortiSandbox unit sends this user name and password to the LDAP server. If the LDAP server can authenticate the user, the FortiSandbox unit successfully authenticates the user. If the LDAP server cannot authenticate the user, the FortiSandbox unit refuses the connection.

The following options are available:

Create New

Select to add an LDAP server.

Edit

Select an LDAP server in the list and click Edit in the toolbar to edit the entry.

Delete

Select an LDAP server in the list and click Delete in the toolbar to delete the entry.

The following information is displayed:

Name

The LDAP server name.

Address

The LDAP server address.

Common Name

The LDAP common name.

Distinguished Name

The LDAP distinguished name.

Bind Type

The LDAP bind type.

Connection Type

The LDAP connection type.

Number of LDAP servers

The number of LDAP servers configured on the device.

To create a new LDAP server:
  1. Go to System > LDAP Servers.
  2. Select + Create New from the toolbar.

  3. Configure the following settings:

    Name

    Enter a name to identify the LDAP server. The name should be unique to FortiSandbox.

    Server Name/IP

    Enter the IP address or fully qualified domain name of the LDAP server.

    Port

    Enter the port for LDAP traffic. The default port is 389.

    Common Name

    The common name identifier for the LDAP server. Most LDAP servers use cn. However, some servers use other common name identifiers such as uid.

    Distinguished Name

    The distinguished name used to look up entries on the LDAP server. The distinguished name reflects the hierarchy of LDAP database object classes above the common name identifier.

    Bind Type

    Select the type of binding for LDAP authentication. The following options are available:

    • Simple
    • Anonymous
    • Regular

    Username

    When the Bind Type is set to Regular, type the user name.

    Password

    When the Bind Type is set to Regular, type the password.

    Enable Secure Connection

    Select to use a secure LDAP server connection for authentication.

    Protocol

    When Enable Secure Connection is selected, select either LDAPS or STARTTLS.

    CA Certificate

    When Enable Secure Connection is selected, select the CA certificate from the dropdown list.

  4. Select OK to add the LDAP server.
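
The settings in step 3 interact: with Enable Secure Connection cleared, the user name and password that FortiSandbox sends to the LDAP server travel unencrypted, and the Protocol choice has to match the Port. The following Python check is an added example, not Fortinet code; the LdapEntry record, the finding texts and the sample values are hypothetical, and port 636 for LDAPS is the conventional LDAPS port rather than a value from this page.

```python
# Added example: LdapEntry is a hypothetical record that mirrors the settings
# in step 3; it is not a FortiSandbox export or API format.
from dataclasses import dataclass

LDAP_PORT, LDAPS_PORT = 389, 636   # 389: default from this page; 636: conventional LDAPS port

@dataclass
class LdapEntry:
    name: str
    server: str
    port: int = LDAP_PORT
    common_name: str = "cn"
    distinguished_name: str = ""
    bind_type: str = "Simple"      # Simple | Anonymous | Regular
    username: str = ""
    password: str = ""
    secure: bool = False           # Enable Secure Connection
    protocol: str = ""             # LDAPS | STARTTLS
    ca_certificate: str = ""

def audit(e):
    """Return findings for one entry; an empty list means nothing was flagged."""
    findings = []
    if not e.secure:
        findings.append("secure connection disabled: credentials cross the network unencrypted")
    else:
        if e.protocol not in ("LDAPS", "STARTTLS"):
            findings.append("secure connection enabled but no protocol selected")
        if not e.ca_certificate:
            findings.append("no CA certificate selected to validate the server")
        if e.protocol == "LDAPS" and e.port == LDAP_PORT:
            findings.append("LDAPS selected on port 389; LDAPS normally listens on 636")
        if e.protocol == "STARTTLS" and e.port == LDAPS_PORT:
            findings.append("STARTTLS selected on port 636; STARTTLS upgrades a plain LDAP port")
    if e.bind_type == "Regular" and not (e.username and e.password):
        findings.append("Regular bind requires both Username and Password")
    if not e.distinguished_name:
        findings.append("Distinguished Name is empty")
    return findings

# Constructed sample entries; example.com names are placeholders.
weak = LdapEntry("dc-plain", "ldap.example.com", distinguished_name="ou=admins,dc=example,dc=com")
hardened = LdapEntry("dc-tls", "ldap.example.com", port=LDAPS_PORT,
                     distinguished_name="ou=admins,dc=example,dc=com", bind_type="Regular",
                     username="cn=svc-fsa,ou=svc,dc=example,dc=com", password="<placeholder>",
                     secure=True, protocol="LDAPS", ca_certificate="corp-root-ca")

if __name__ == "__main__":
    for entry in (weak, hardened):
        print(entry.name, audit(entry) or "ok")
```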
