Using common schema styles
Your LDAP server schema may require no modification if:
- your LDAP server already contains all information required by the LDAP profile queries you want to enable
- your LDAP server uses a common schema style, and a matching predefined LDAP query configuration exists for that schema style
If both of those conditions are true, your LDAP profile configuration may also be very minimal. Some queries in LDAP profiles contain schema options that automatically configure the query to match common schema styles such as IBM Lotus Domino, Microsoft Active Directory (AD), and OpenLDAP. If you enable only those queries that have schema options, it may be sufficient to select your schema style for each query.
For example, your LDAP server might use an OpenLDAP-style schema, where two types of user object classes exist, but both already have mail and userPassword attributes. Your FortiMail unit is in gateway mode, and you want LDAP queries to look up users by their email addresses in order to authenticate them. In this scenario, it may be sufficient to:
1. In the LDAP profile, enter the domain name or IP address of the LDAP server.
2. Configure the LDAP profile queries:
   - In User Query Options, select from Schema which OpenLDAP schema your user objects follow: either InetOrgPerson or InetLocalMailRecipient. Also enter the Base DN, Bind DN, and Bind password to authenticate queries by the FortiMail unit and to specify which part of the directory tree to search.
   - In User Authentication Options, enable the query with the option to Search user and try bind DN.
3. Configure mail domains and policies to use the LDAP profile to authenticate users and perform recipient verification.
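
A pre-check for the scenario above, added here as an example (not Fortinet code): it parses an LDIF export of the directory and reports user objects under the two OpenLDAP schema choices that lack mail or userPassword, plus mail values shared by more than one entry, which would make a lookup by email address ambiguous. The function names and the sample entries are constructed for illustration; an export taken with a restricted account may omit userPassword because of server access controls.

```python
import base64
from collections import defaultdict
SCHEMAS = {"inetorgperson", "inetlocalmailrecipient"}  # schema choices named on the page
REQUIRED = ("mail", "userpassword")  # attributes the scenario expects on every user
# Constructed sample export, not taken from a real directory.
SAMPLE_LDIF = """\
dn: uid=alice,ou=people,dc=example,dc=com
objectClass: inetOrgPerson
mail: alice@example.com
userPassword:: e1NTSEF9Y29uc3RydWN0ZWQ=

dn: uid=bob,ou=people,dc=example,dc=com
objectClass: inetLocalMailRecipient
mail: bob@example.com

dn: uid=carol,ou=people,dc=example,dc=com
objectClass: inetOrgPerson
mail: Alice@Example.com
userPassword:: e1NTSEF9Y29uc3RydWN0ZWQ=
"""

def parse_ldif(text):
    """Parse LDIF text into a list of {lowercased attribute: [values]} dicts."""
    entries = []
    for block in text.replace("\n ", "").strip().split("\n\n"):  # unfold, then split entries
        entry = defaultdict(list)
        for line in (l for l in block.splitlines() if l and not l.startswith("#")):
            attr, _, value = line.partition(":")
            if value.startswith(":"):  # "attr:: value" marks a base64 value
                value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
            entry[attr.lower()].append(value.strip())
        if entry:
            entries.append(dict(entry))
    return entries

def audit(entries):
    """Return (missing, duplicates): DN -> absent attributes, and mail -> DNs sharing it."""
    missing, by_mail = {}, defaultdict(list)
    for e in entries:
        if not SCHEMAS & {c.lower() for c in e.get("objectclass", [])}:
            continue  # not a user object under either schema
        absent = [a for a in REQUIRED if not e.get(a)]
        if absent:
            missing[e["dn"][0]] = absent
        for m in e.get("mail", []):
            by_mail[m.lower()].append(e["dn"][0])  # mail is compared case-insensitively
    return missing, {m: d for m, d in by_mail.items() if len(d) > 1}

if __name__ == "__main__":
    print(audit(parse_ldif(SAMPLE_LDIF)))
```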