LDAP server
Lightweight Directory Access Protocol (LDAP) is an Internet protocol used to maintain authentication data that may include departments, people, groups of people, passwords, email addresses, and printers. LDAP consists of a data-representation scheme, a set of defined operations, and a request/response network.
If you have configured LDAP support and require a user to authenticate using an LDAP server, the FortiAnalyzer unit contacts the LDAP server for authentication. To authenticate with the FortiAnalyzer unit, the user enters a user name and password. The FortiAnalyzer unit sends this user name and password to the LDAP server. If the LDAP server can authenticate the user, the FortiAnalyzer unit successfully authenticates the user. If the LDAP server cannot authenticate the user, the FortiAnalyzer unit refuses the connection.
To add an LDAP server:
1. Go to System Settings > Admin > Remote Auth Server.
2. Select Create New in the toolbar, then select LDAP from the drop-down list.
The New LDAP Server dialog box opens.
Figure 72: New LDAP server dialog box
3. Configure the following information:
Name
Enter a name to identify the LDAP server.
Server Name/IP
Enter the IP address or fully qualified domain name of the LDAP server.
Port
Enter the port for LDAP traffic. The default port is 389.
Common Name Identifier
The common name identifier for the LDAP server. Most LDAP servers use cn. However, some servers use other common name identifiers such as uid.
Distinguished Name
The distinguished name used to look up entries on the LDAP server. The distinguished name reflects the hierarchy of LDAP database object classes above the common name identifier.
Bind Type
Select the type of binding for LDAP authentication from the drop-down list. One of: Simple, Anonymous, or Regular.
User DN
Enter the user distinguished name. This option is available when the Bind Type is set to Regular.
Password
Enter the user password. This option is available when the Bind Type is set to Regular.
Secure Connection
Select to use a secure LDAP server connection for authentication.
Protocol
Select either LDAPS or STARTTLS in the protocol field.
Certificate
Select the certificate in the drop-down list.
4. Select OK to save the new LDAP server entry.
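The following is an added example, not part of the original guide and not FortiAnalyzer code: a pre-flight review of the values entered in the dialog above, written in Python. The dictionary keys, the port conventions (389 for plain LDAP and STARTTLS, 636 for LDAPS) and the assumption that a user's entry is <Common Name Identifier>=<user name>,<Distinguished Name> are general LDAP practice, not behavior stated by this page; all sample values are constructed.

```python
# Added example: keys mirror the New LDAP Server dialog; the checks are
# general LDAP practice (assumptions), not FortiAnalyzer's own logic.

def escape_rdn_value(value):
    """Escape a user name for use inside a DN (RFC 4514 special characters)."""
    out = []
    for i, ch in enumerate(value):
        edge = (i == 0 and ch in "# ") or (i == len(value) - 1 and ch == " ")
        if ch == "\x00":
            out.append("\\00")
        elif ch in ',+"\\<>;' or edge:
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)

def expected_user_dn(cfg, user):
    """Assumed entry DN: <Common Name Identifier>=<user>,<Distinguished Name>."""
    return f"{cfg['cnid']}={escape_rdn_value(user)},{cfg['dn']}"

def review(cfg):
    """Return (code, message) findings for one set of dialog values."""
    findings = []
    if not cfg.get("secure"):
        findings.append(("cleartext", "Secure Connection is off: user name and "
                         "password reach the LDAP server unencrypted"))
    else:
        if cfg.get("protocol") == "LDAPS" and cfg["port"] == 389:
            findings.append(("port", "389 is the plain-LDAP default; LDAPS "
                             "conventionally listens on 636"))
        if cfg.get("protocol") == "STARTTLS" and cfg["port"] == 636:
            findings.append(("port", "STARTTLS upgrades a plain-LDAP port such "
                             "as 389; 636 is conventionally LDAPS"))
        if not cfg.get("certificate"):
            findings.append(("certificate", "Secure Connection is on but no "
                             "Certificate is selected"))
    if cfg["bind_type"] == "Regular" and not (cfg.get("user_dn") and cfg.get("password")):
        findings.append(("bind", "Regular bind needs both User DN and Password"))
    return findings

# Constructed sample values, not taken from a real deployment.
WEAK = {"server": "ldap.example.com", "port": 389, "cnid": "cn",
        "dn": "ou=admins,dc=example,dc=com", "bind_type": "Regular",
        "user_dn": "", "password": "", "secure": False}
HARDENED = dict(WEAK, port=636, secure=True, protocol="LDAPS",
                certificate="ca_example", password="constructed-placeholder",
                user_dn="cn=svc-faz,ou=service,dc=example,dc=com")

if __name__ == "__main__":
    for label, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, [code for code, _ in review(cfg)])
```

The DN returned by expected_user_dn is the value to compare against the directory's own entry for a test account before saving the server entry.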