LDAP
Lightweight Directory Access Protocol (LDAP) is an Internet protocol used to maintain authentication data, which may include departments, people, groups of people, passwords, email addresses, and printers. LDAP consists of a data-representation scheme, a set of defined operations, and a request/response network protocol.
If you have configured LDAP support and require a user to authenticate using an LDAP server, the FortiManager unit contacts the LDAP server for authentication. To authenticate with the FortiManager unit, the user enters a user name and password. The FortiManager unit sends this user name and password to the LDAP server. If the LDAP server can authenticate the user, the FortiManager unit successfully authenticates the user. If the LDAP server cannot authenticate the user, the FortiManager unit refuses the connection.
To add an LDAP server:
1. Go to System Settings > Admin > Remote Auth Server. The list of servers is shown.
2. Select the Create New toolbar icon, then select LDAP from the drop-down list.
The New LDAP Server window opens.
Figure 54: New LDAP server dialog box
3. Configure the following information:
Name
Enter a name to identify the LDAP server.
Server Name/IP
Enter the IP address or fully qualified domain name of the LDAP server.
Port
Enter the port for LDAP traffic. The default port is 389.
Common Name Identifier
The common name identifier for the LDAP server. Most LDAP servers use cn. However, some servers use other common name identifiers such as uid.
Distinguished Name
The distinguished name used to look up entries on the LDAP server. The distinguished name reflects the hierarchy of LDAP database object classes above the common name identifier.
Selecting the query distinguished name button queries the LDAP server for the name and opens the LDAP Distinguished Name Query window to display the results.
Bind Type
Select the type of binding for LDAP authentication: Simple, Anonymous, or Regular from the drop-down menu.
User DN
When the Bind Type is set to Regular, enter the user DN.
Password
When the Bind Type is set to Regular, enter the password.
Secure Connection
Select to use a secure LDAP server connection for authentication.
Protocol
When Secure Connection is enabled, select either LDAPS or STARTTLS.
Certificate
When Secure Connection is enabled, select the certificate from the drop-down menu.
4. Select OK to save the new LDAP server entry.
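The authentication flow described above, with the three Bind Type settings, as an added example that is not FortiManager's or Fortinet's own code: it runs against a small constructed in-memory directory instead of a real LDAP server, and it assumes the conventional meanings of the bind types (Simple binds directly as the DN built from the Common Name Identifier and Distinguished Name; Anonymous searches for the user without credentials; Regular searches as the configured User DN and password; both then bind as the user found). The login name is escaped per RFC 4514 and RFC 4515 so a crafted name cannot change the DN or the search filter, and an empty password is rejected because many servers treat it as an anonymous bind.

```python
# Added example (not FortiManager's or Fortinet's code) modelling the Simple,
# Anonymous and Regular Bind Types from this page against a constructed in-memory
# directory, with RFC 4514/4515 escaping of the login name. DNs/passwords are made up.

def escape_dn_value(value: str) -> str:
    """RFC 4514 escaping for a value placed inside a DN component."""
    out = "".join("\\" + c if c in ',+"\\<>;' else c for c in value)
    if out.startswith(("#", " ")):
        out = "\\" + out
    if out.endswith(" "):
        out = out[:-1] + "\\ "
    return out.replace("\x00", "\\00")

def escape_filter_value(value: str) -> str:
    """RFC 4515 escaping for a value placed inside a search filter."""
    return "".join(f"\\{ord(c):02x}" if c in "*()\\\x00" else c for c in value)

# Constructed directory standing in for the LDAP server: DN -> (attributes, password).
DIRECTORY = {
    "cn=alice,ou=people,dc=example,dc=com": ({"cn": "alice"}, "alice-pw"),
    "cn=svc-fmg,ou=service,dc=example,dc=com": ({"cn": "svc-fmg"}, "svc-pw"),
}

def ldap_bind(dn, password):
    """Bind as dn (None = anonymous bind). True on success."""
    return dn is None or DIRECTORY.get(dn, (None, object()))[1] == password

def ldap_search(base_dn, cn_id, value):
    """Return the DN under base_dn whose cn_id attribute equals value, else None."""
    return next((dn for dn, (attrs, _) in DIRECTORY.items()
                 if dn.endswith("," + base_dn) and attrs.get(cn_id) == value), None)

def authenticate(cfg, username, password):
    """Authenticate per cfg (this page's fields); returns (ok, operations performed)."""
    ops = []
    if cfg["bind_type"] == "Simple":
        # Bind directly as <cn_id>=<user>,<Distinguished Name>; no search step.
        user_dn = f'{cfg["cn_id"]}={escape_dn_value(username)},{cfg["dn"]}'
    else:
        # Anonymous searches with no credentials; Regular searches as the User DN.
        svc = (cfg["user_dn"], cfg["password"]) if cfg["bind_type"] == "Regular" else (None, None)
        ops.append(("bind", svc[0]))
        if not ldap_bind(*svc):
            return False, ops
        ops.append(("search", cfg["dn"], f'({cfg["cn_id"]}={escape_filter_value(username)})'))
        user_dn = ldap_search(cfg["dn"], cfg["cn_id"], username)
        if user_dn is None:
            return False, ops
    ops.append(("bind", user_dn))  # an empty password would be an anonymous bind: reject it
    return bool(password) and ldap_bind(user_dn, password), ops
```

The returned operation list makes the difference visible: Simple performs one bind, while Anonymous and Regular perform a bind, a search, and a second bind as the user.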