LDAP server
Lightweight Directory Access Protocol (LDAP) is an Internet protocol used to maintain authentication data that may include departments, people, groups of people, passwords, email addresses, and printers. LDAP defines a data-representation scheme, a set of operations, and a request/response network protocol.
If you have configured LDAP support and require a user to authenticate using an LDAP server, the FortiManager unit contacts the LDAP server for authentication. To authenticate with the FortiManager unit, the user enters a user name and password. The FortiManager unit sends this user name and password to the LDAP server. If the LDAP server can authenticate the user, the FortiManager unit successfully authenticates the user. If the LDAP server cannot authenticate the user, the FortiManager unit refuses the connection.
Go to System Settings > Admin > Remote Auth Server > LDAP Server to create a new LDAP server entry or edit an existing server entry.
Figure 65: LDAP server list
Delete
Select the check box next to the server name and select Delete. You cannot delete an LDAP server entry if there are administrator accounts using it.
Create New
Add a new LDAP server entry.
Name
The LDAP server name. Select the server name to edit the settings.
Server Name/IP
The IP address or DNS resolvable domain name of the LDAP server.
To add an LDAP server:
1. Go to System Settings > Admin > Remote Auth Server > LDAP Server. The list of LDAP servers appears.
2. Select the Create New tool bar icon. The New LDAP Server dialog box appears; see Figure 66.
Figure 66: New LDAP server dialog box
3. Configure the following information:
Name
Enter a name to identify the LDAP server.
Server Name/IP
Enter the IP address or fully qualified domain name of the LDAP server.
Port
Enter the port for LDAP traffic. The default port is 389.
Common Name Identifier
The common name identifier for the LDAP server. Most LDAP servers use cn. However, some servers use other common name identifiers such as uid.
Distinguished Name
The distinguished name used to look up entries on the LDAP server. The distinguished name reflects the hierarchy of LDAP database object classes above the common name identifier.
Bind Type
Select the type of binding for LDAP authentication.
Secure Connection
Select to use a secure LDAP server connection for authentication.
4. Select OK to save the new LDAP server entry.
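The authentication flow described above can be dry-run offline with the same fields the New LDAP Server dialog asks for (Name, Server Name/IP, Port, Common Name Identifier, Distinguished Name, Bind Type, Secure Connection). The following Python is an added example, not Fortinet's code or the FortiManager implementation: it builds the bind DN from the Common Name Identifier and Distinguished Name with RFC 4514 escaping of the user-supplied name, encodes the LDAP simple BindRequest (RFC 4511) that carries the user name and password to the server, and reports the configuration finding a reviewer wants to see, namely that a simple bind with Secure Connection unchecked carries the password in cleartext. The LdapServerEntry class, the port value 636 and the bind_type string "simple" are assumptions; the page itself names only the 389 default.

```python
"""Offline dry-run of the LDAP bind a remote-auth server entry implies.

Example code, not Fortinet's. Field names mirror the dialog; the class,
the 636 port and the "simple" bind_type label are assumptions.
"""
from dataclasses import dataclass

LDAP_PORT = 389    # default port named in the dialog description
LDAPS_PORT = 636   # assumption: conventional LDAP-over-TLS port


@dataclass
class LdapServerEntry:
    name: str                    # Name
    server: str                  # Server Name/IP
    port: int = LDAP_PORT        # Port
    cn_identifier: str = "cn"    # Common Name Identifier (cn or uid)
    distinguished_name: str = "" # Distinguished Name (base of the lookup)
    bind_type: str = "simple"    # Bind Type (assumed label)
    secure_connection: bool = False  # Secure Connection check box


def escape_rdn_value(value: str) -> str:
    """Escape an RDN attribute value per RFC 4514 so a user name such as
    'alice,admin' cannot alter the DN hierarchy it is inserted into."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch in ',+"\\<>;':
            out.append("\\" + ch)
        elif ch == "\x00":
            out.append("\\00")
        elif ch == "#" and i == 0:
            out.append("\\#")
        elif ch == " " and (i == 0 or i == last):
            out.append("\\ ")
        else:
            out.append(ch)
    return "".join(out)


def build_bind_dn(entry: LdapServerEntry, username: str) -> str:
    """<cn identifier>=<escaped user name>,<distinguished name>."""
    return f"{entry.cn_identifier}={escape_rdn_value(username)},{entry.distinguished_name}"


def _ber(tag: int, payload: bytes) -> bytes:
    """Tag-length-value with short or long-form BER length."""
    n = len(payload)
    if n < 0x80:
        length = bytes([n])
    else:
        lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(lb)]) + lb
    return bytes([tag]) + length + payload


def _ber_int(v: int) -> bytes:
    # Two's-complement, minimal width, always at least one byte
    width = max(1, (v.bit_length() + 8) // 8)
    return _ber(0x02, v.to_bytes(width, "big", signed=True))


def encode_simple_bind(message_id: int, bind_dn: str, password: str) -> bytes:
    """LDAPMessage { messageID, bindRequest [APPLICATION 0] { version 3,
    name, simple [0] password } } as RFC 4511 defines it."""
    bind_request = _ber(
        0x60,                                   # [APPLICATION 0] constructed
        _ber_int(3)                             # version
        + _ber(0x04, bind_dn.encode("utf-8"))   # name (LDAPDN)
        + _ber(0x80, password.encode("utf-8")), # simple [0] OCTET STRING
    )
    return _ber(0x30, _ber_int(message_id) + bind_request)   # SEQUENCE


def check_entry(entry: LdapServerEntry) -> list:
    """Configuration findings for the entry as saved."""
    findings = []
    if entry.bind_type.lower() == "simple" and not entry.secure_connection:
        findings.append("simple bind without Secure Connection sends the password in cleartext")
    if not entry.distinguished_name:
        findings.append("Distinguished Name is empty; no bind DN can be built")
    return findings


if __name__ == "__main__":
    # Constructed sample entry and credentials
    entry = LdapServerEntry(name="corp", server="ldap.example.com",
                            distinguished_name="ou=people,dc=example,dc=com")
    dn = build_bind_dn(entry, "alice")
    msg = encode_simple_bind(1, dn, "secret")
    print(dn)
    print(msg.hex())
    for f in check_entry(entry):
        print("finding:", f)
```

Running the block as a script prints the derived DN, the hex of the BindRequest that would go to port 389, and the cleartext finding for the sample entry; ticking Secure Connection (or using a non-simple bind type) clears it.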
To modify an existing LDAP server configuration:
1. Go to System Settings > Admin > Remote Auth Server > LDAP Server. The list of configured LDAP servers appears.
2. In the Name column, select the name of the server configuration you want to change. The Edit LDAP Server dialog box appears.
3. Modify the settings as required and select OK to apply your changes.
To delete an existing LDAP server configuration:
1. Go to System Settings > Admin > Remote Auth Server > LDAP Server. The list of configured LDAP servers appears.
2. Select the check box beside the server configuration you want to delete and then select the Delete tool bar icon. A confirmation dialog box appears.
3. Select OK to delete the server entry.
 
You cannot delete an LDAP server entry if there are administrator accounts using it.