Configuring Directory Access settings
The FSSO Collector Agent can access Windows Active Directory in one of two modes:
Standard — the FSSO Collector Agent receives group information from the Collector agent in the domain\user format. This option is available on FortiOS 3.0 and later.
Advanced — the FSSO Collector Agent obtains user group information using LDAP. The benefit of this method is that it is possible to nest groups within groups. This option is available on FortiOS 3.0 MR6 and later. The group information is in standard LDAP format.
 
If you change AD access mode, you must reconfigure your group filters to ensure that the group information is in the correct format.
To configure Directory Access settings
1. From the Start menu select Programs > Fortinet > Fortinet Single Sign On Agent > Configure Fortinet Single Sign On Agent.
2. In the Common Tasks section, select Set Directory Access Information.
3. The Set Directory Access Information dialog box opens.
4. From the AD access mode list, select either Standard or Advanced.
5. If you selected Advanced AD access mode, select Advanced Setting, configure the following settings, and then select OK:
AD server address: Enter the address of your network’s global catalog server.
AD server port: The default AD server port is 3268. This must match your server port.
BaseDN: Enter the base distinguished name for the global catalog. This is the point in the tree that will be considered the starting point by default.
Username and Password: If the global catalog accepts your Fortinet Single Sign On Agent’s credentials, you can leave these fields blank. Otherwise, enter credentials for an account that can access the global catalog.
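The note above about reconfiguring group filters after changing the AD access mode can be checked before the change is made. The following is an added example, not Fortinet code: it lists the group filter entries that are not in the format the selected mode uses. It assumes Standard entries look like DOMAIN\name and Advanced entries are LDAP distinguished names containing DC components; the function names and sample entries are constructed for illustration.

```python
import re

# Assumed entry shapes (assumptions of this example, not taken from the page):
#   Standard: DOMAIN\name     Advanced: CN=Sales,OU=Groups,DC=example,DC=com
STANDARD_RE = re.compile(r'^[A-Za-z0-9][A-Za-z0-9._-]*\\[^\\/,=]+$')
ATTR_RE = re.compile(r'^(?:[A-Za-z][A-Za-z0-9-]*|\d+(?:\.\d+)*)$')

def split_rdns(dn):
    """Split a DN on unescaped commas; a backslash escapes the next character."""
    parts, cur, i = [], [], 0
    while i < len(dn):
        if dn[i] == '\\' and i + 1 < len(dn):
            cur.append(dn[i:i + 2])   # keep the escape pair intact
            i += 2
        elif dn[i] == ',':
            parts.append(''.join(cur).strip())
            cur = []
            i += 1
        else:
            cur.append(dn[i])
            i += 1
    parts.append(''.join(cur).strip())
    return parts

def is_ldap_dn(value):
    """True if every RDN is attr=value and at least one DC= component exists."""
    attrs = []
    for rdn in split_rdns(value):
        attr, sep, val = rdn.partition('=')
        if not sep or not ATTR_RE.match(attr.strip()) or not val.strip():
            return False
        attrs.append(attr.strip().upper())
    return 'DC' in attrs

def entry_format(entry):
    """Classify one filter entry as 'advanced', 'standard' or 'unknown'."""
    if is_ldap_dn(entry):
        return 'advanced'
    if STANDARD_RE.match(entry):
        return 'standard'
    return 'unknown'

def mismatched_filters(mode, entries):
    """Return entries whose format does not match the selected AD access mode."""
    return [e for e in entries if entry_format(e) != mode.lower()]

# Constructed sample entries: one per format, plus one that fits neither.
SAMPLE = [r'EXAMPLE\Sales', r'CN=Sales\, EMEA,OU=Groups,DC=example,DC=com', 'Sales']
if __name__ == '__main__':
    print(mismatched_filters('advanced', SAMPLE))
```

The same is_ldap_dn check can be applied to the BaseDN value before it is entered in the Advanced Setting dialog.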