Like all profiles, VIP profile settings are not global. They apply only to traffic controlled by a policy that includes the appropriate VIP Map profile. |
For the sender and recipient patterns, the @ symbol must appear even if you’re using wildcards. For example, to match all addresses, use *@* rather than just *; a bare * will not work properly. |
Before using an LDAP profile, verify each LDAP query and connectivity with your LDAP server. When LDAP queries do not match the server’s schema and/or contents, unintended mail processing behaviors can result, including bypassing antivirus scans. For details on preparing an LDAP directory for use with FortiMail LDAP profiles, see “Preparing your LDAP schema for FortiMail LDAP profiles”. |
GUI item | Description |
Clone (button) | Click the row corresponding to the profile whose settings you want to duplicate when creating the new profile, then click Clone. A single-field dialog appears. Enter a name for the new profile. Click OK. |
Profile Name | Displays the name of the profile. |
Server | Displays the domain name or IP address of the LDAP server. |
Port | Displays the listening port of the LDAP server. |
Group | Indicates whether Group Query Options is enabled. |
Auth | Indicates whether User Authentication Options is enabled. |
Alias | Indicates whether User Alias Options is enabled. |
Routing | Indicates whether Mail Routing Options is enabled. |
Scan Override | Indicates whether Scan Override Options is enabled. |
Address Map | Indicates whether Address Mapping Options is enabled. |
Domain Lookup | Indicates whether Domain Lookup Options is enabled. |
Webmail | Indicates whether Enable webmail password change is enabled in this profile. |
Cache | Indicates whether query result caching is enabled. |
(Green dot in column heading) | Indicates whether or not the entry is currently referred to by another item in the configuration. If another item is using this entry, a red dot appears in this column, and the entry cannot be deleted. |
GUI item | Description |
Profile name | For a new profile, enter its name. |
Server name/IP | Enter the fully qualified domain name (FQDN) or IP address of the LDAP server. Port: Enter the port number where the LDAP server listens. The default port number varies by your selection in Use secure connection: port 389 is typically used for non-secure connections, and port 636 is typically used for SSL-secured (LDAPS) connections. |
Fallback server name/IP | Optional. Enter the fully qualified domain name (FQDN) or IP address of an alternate LDAP server that the FortiMail unit can query if the primary LDAP server is unreachable. Port: Enter the port number where the fallback LDAP server listens. The default port number varies by your selection in Use secure connection: port 389 is typically used for non-secure connections, and port 636 is typically used for SSL-secured (LDAPS) connections. |
Use secure connection | Select whether or not to connect to the LDAP servers using an encrypted connection. • none: Use a non-secure connection. • SSL: Use an SSL-secured (LDAPS) connection. Click Test LDAP Query to test the connection. A pop-up window appears. For details, see “To verify user query options”. Note: If your FortiMail unit is deployed in server mode, and you want to enable Enable webmail password change using an LDAP server that uses a Microsoft ActiveDirectory-style schema, you must select SSL. ActiveDirectory servers require a secure connection for queries that change user passwords. |
Default Bind Options | |
Base DN | Enter the distinguished name (DN) of the part of the LDAP directory tree within which the FortiMail will search for user objects, such as ou=People,dc=example,dc=com. User objects should be child nodes of this location. |
Bind DN | Enter the bind DN, such as cn=FortiMailA,dc=example,dc=com, of an LDAP user account with permissions to query the Base DN. |
Bind password | Enter the password of the Bind DN. Click Browse to locate the LDAP directory from the location that you specified in Base DN, or, if you have not yet entered a Base DN, beginning from the root of the LDAP directory tree. Browsing the LDAP tree can be useful if you need to locate your Base DN, or need to look up attribute names. For example, if the Base DN is unknown, browsing can help you to locate it. Before using Browse, first configure Server name/IP, Use secure connection, Bind DN, Bind password, and Protocol version, then click Create or OK. These fields provide the minimum information required to establish the directory browsing connection. |
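The settings described above can be checked before a profile is saved. The following is an added example, not FortiMail code: a pre-flight lint that applies the port, secure-connection, and DN rules from this table. The dictionary keys are hypothetical names that mirror the GUI labels, and the DN check is a simplified form test, not a full RFC 4514 parser.

```python
import re

# Hypothetical keys for this added example; they mirror the GUI labels on this
# page and are not FortiMail's own configuration syntax.
TYPICAL_PORT = {"none": 389, "ssl": 636}
RDN = re.compile(r"^\s*[A-Za-z][A-Za-z0-9-]*\s*=\s*\S.*$")


def dn_is_well_formed(dn):
    """Simplified check: attr=value parts separated by unescaped commas."""
    parts = re.split(r"(?<!\\),", dn or "")
    return all(RDN.match(part) for part in parts)


def lint_ldap_profile(profile):
    """Return (severity, message) findings for one LDAP profile dictionary."""
    secure = str(profile.get("secure", "none")).lower()
    if secure not in TYPICAL_PORT:
        return [("error", "Use secure connection must be none or SSL")]
    findings = []
    if secure == "none":
        findings.append(("warn", "bind password and query results are sent unencrypted"))
    port = profile.get("port")
    if port != TYPICAL_PORT[secure]:
        findings.append(("warn", f"port {port} is not the typical port "
                                 f"{TYPICAL_PORT[secure]} for '{secure}'"))
    # Rule from the Use secure connection note: password changes against an
    # ActiveDirectory-style schema require SSL.
    if (profile.get("webmail_password_change") and profile.get("ad_style_schema")
            and secure != "ssl"):
        findings.append(("error", "webmail password change with an "
                                  "ActiveDirectory-style schema requires SSL"))
    for key in ("base_dn", "bind_dn"):
        if not dn_is_well_formed(profile.get(key)):
            findings.append(("error", f"{key} is not a well-formed DN"))
    return findings


# Constructed sample profiles: a weak configuration and its corrected form.
WEAK = {"secure": "none", "port": 636, "base_dn": "ou=People,dc=example,dc=com",
        "bind_dn": "FortiMailA", "webmail_password_change": True,
        "ad_style_schema": True}
FIXED = dict(WEAK, secure="SSL", bind_dn="cn=FortiMailA,dc=example,dc=com")

if __name__ == "__main__":
    for name, prof in (("WEAK", WEAK), ("FIXED", FIXED)):
        print(name, lint_ldap_profile(prof) or "no findings")
```

A clean lint result only confirms the form of the settings; each query still has to be verified against the LDAP server with Test LDAP Query.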