Configuring profiles : Configuring LDAP profiles : Configuring user authentication options
Configuring user authentication options
The following procedure is part of the LDAP profile configuration process. For general procedures about how to configure an LDAP profile, see “Configuring LDAP profiles”.
1. Go to Profile > LDAP.
2. Click New to create a new profile or double click on an existing profile to edit it.
3. Click the arrow to expand the User Authentication Options section.
For more information on authenticating users by LDAP query, see “Controlling email based on recipient addresses”.
4. Configure the following:
 
GUI item
Description
Try UPN or mail address as bind DN
Select to form the user’s bind DN by prepending the user name portion of the email address ($u) to the User Principle Name (UPN, such as example.com).
By default, the FortiMail unit will use the mail domain as the UPN. If you want to use a UPN other than the mail domain, enter that UPN in the field named Alternative UPN suffix. This can be useful if users authenticate with a domain other than the mail server’s principal domain name.
Try common name with base DN as bind DN
Select to form the user’s bind DN by prepending a common name to the base DN. Also enter the name of the user objects’ common name attribute, such as cn or uid into the field.
This option is preconfigured and read-only if, in User Query Options, you have selected from Schema any schema style other than User Defined.
Search user and try bind DN
Select to form the user’s bind DN by using the DN retrieved for that user by User Query Options.