Fortinet FortiGate v3.0 MR7 User Manual


Authentication servers

LDAP servers

FortiOS v3.0 MR7 User Authentication User Guide
01-30007-0347-20080828

To configure the FortiGate unit for LDAP authentication - CLI

config user ldap
    edit <server_name>
        set cnid <common_name_identifier>
        set dn <distinguished_name>
        set port <port_number>
        set server <domain>
        set type <auth_type>
        set username <ldap_username>
        set password <ldap_passwd>
        set group <group>
        set filter <group_filter>
        set secure <auth_port>
        set ca-cert <cert_name>
end
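
An added example, not part of the Fortinet manual: a short Python check that reads a saved configuration and flags LDAP server entries with no secure protocol, no CA certificate, or a port other than the default this page lists for the selected protocol. The sample configuration is constructed; the secure values ldaps and starttls, and treating a missing secure line as disabled, are assumptions.

```python
# Defaults listed on this page; the keywords "ldaps"/"starttls" are assumed values.
DEFAULT_PORTS = {"ldaps": 636, "starttls": 389}

# Constructed sample configuration; every name and value is illustrative.
SAMPLE = '''
config user ldap
    edit "corp-plain"
        set server "ldap.example.com"
        set port 389
    next
    edit "corp-ldaps"
        set port 389
        set secure ldaps
        set ca-cert "CA_Cert_1"
    next
    edit "corp-tls"
        set port 389
        set secure starttls
    next
end
'''

def parse_ldap_servers(text):
    """Return {server_name: {keyword: value}} from 'config user ldap' blocks."""
    servers, current, in_section = {}, None, False
    for line in text.splitlines():
        tok = [t.strip('"') for t in line.split()]
        if tok[:3] == ["config", "user", "ldap"]:
            in_section = True
        elif not in_section:
            continue
        elif tok[:1] == ["edit"] and len(tok) > 1:
            current = servers.setdefault(" ".join(tok[1:]), {})
        elif tok[:1] == ["set"] and current is not None and len(tok) > 2:
            current[tok[1]] = " ".join(tok[2:])
        elif tok[:1] == ["end"]:
            in_section, current = False, None
    return servers

def audit(servers):
    """Flag entries lacking a secure protocol, a CA certificate, or the default port."""
    findings = []
    for name, cfg in servers.items():
        secure = cfg.get("secure", "disable").lower()  # assumption: unset means off
        if secure not in DEFAULT_PORTS:
            findings.append((name, "no-secure-protocol"))
            continue
        if "ca-cert" not in cfg:
            findings.append((name, "no-ca-cert"))
        if "port" in cfg and int(cfg["port"]) != DEFAULT_PORTS[secure]:
            findings.append((name, "port-not-default"))
    return findings
```

A port-not-default finding is a prompt to confirm that the LDAP server accepts the selected protocol on that port, not proof of a fault.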

To remove an LDAP server from the FortiGate unit configuration - web-based manager

1. Go to User > LDAP.

2. Select the Delete icon beside the name of the LDAP server that you want to remove.

3. Select OK.

Figure 4: Delete LDAP server

Protocol

Select a secure LDAP protocol to use for authentication.
Depending on your selection, the value in Server Port will
change to the default port for the selected protocol. Available
only if Secure Connection is selected.
LDAPS: port 636
STARTTLS: port 389

Certificate

Select a certificate to use for authentication from the list. The
certificate list comes from CA certificates at System >
Certificates > CA Certificates.

Note: You cannot remove an LDAP server that belongs to a user group. Remove it from the
user group first.

Create New

Add a new LDAP server. The maximum number is 10.

Name

The name that identifies the LDAP server on the FortiGate unit.

Server Name/IP

The domain name or IP address of the LDAP server.

Port

The TCP port used to communicate with the LDAP server.

Delete

Edit
