Configuring LDAP server access
LDAP access is required if your network has a Novell eDirectory agent or a Collector agent using Windows Advanced AD access mode. If you are using FSSO Standard mode, go to “Specifying your Collector agents or Novell eDirectory agents”.
1. Go to User & Device > Authentication > LDAP Servers and select Create New.
2. Enter a Name to identify this server in FortiGate configurations.
3. Enter the Server Name/IP of the LDAP server.
4. Enter the Distinguished Name.
5. Set Bind Type to Regular.
6. In the User DN field, enter the administrative account name that you created for FSSO.
For example, if the account is FSSO_Admin, enter “cn=FSSO_Admin,cn=users”.
7. Make sure that the User DN entry ends with a comma and append the string from the Distinguished Name field to the end of it.
Example: cn=FSSO_Admin,cn=users,dc=office,dc=example,dc=com
8. Enter the administrative account password in the Password field.
9. Select the Test button.
A pop-up message near the top of the window should indicate “Successful”.
10. Select OK.
To configure LDAP for FSSO - CLI example
config user ldap
    edit "ADserver"
        set server "10.11.101.160"
        set cnid "cn"
        set dn "cn=users,dc=office,dc=example,dc=com"
        set type regular
        set username "cn=administrator,cn=users,dc=office,dc=example,dc=com"
        set password set_a_secure_password
    next
end
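
A check for the User DN assembled in steps 6 and 7, added here as an example and not part of the Fortinet documentation: it builds the bind DN with RFC 4514 escaping and reports a doubled comma or a User DN that does not end with the Distinguished Name. The function names are hypothetical, and the case-insensitive comparison assumes a directory such as Active Directory that ignores case in DNs.

```python
# Added example (not Fortinet code): build and sanity-check the FSSO bind DN.
_SPECIAL = set(',+"\\<>;=')  # characters escaped inside an RDN value (RFC 4514)

def escape_rdn_value(value):
    """Backslash-escape an attribute value so it is safe inside a DN."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch in _SPECIAL or (i == 0 and ch in " #") or (i == last and ch == " "):
            out.append("\\" + ch)
        elif ch == "\x00":
            out.append("\\00")
        else:
            out.append(ch)
    return "".join(out)

def split_rdns(dn):
    """Split a DN on unescaped commas; lowercase each RDN for comparison."""
    parts, cur, i = [], [], 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):   # keep escaped pair together
            cur.append(dn[i:i + 2]); i += 2
        elif dn[i] == ",":
            parts.append("".join(cur)); cur = []; i += 1
        else:
            cur.append(dn[i]); i += 1
    parts.append("".join(cur))
    return [p.lstrip().lower() for p in parts]

def build_user_dn(account, container, base_dn):
    """Steps 6-7: 'cn=<account>,<container>' plus ',' plus the Distinguished Name."""
    prefix = "cn=" + escape_rdn_value(account) + "," + container
    if not prefix.endswith(","):
        prefix += ","
    return prefix + base_dn.strip()

def check_user_dn(user_dn, base_dn):
    """Return a list of problems; an empty list means the User DN is consistent."""
    problems = []
    rdns, base = split_rdns(user_dn), split_rdns(base_dn)
    if any("=" not in r for r in rdns):
        problems.append("empty or malformed RDN (stray or doubled comma?)")
    if len(rdns) <= len(base) or rdns[-len(base):] != base:
        problems.append("User DN does not end with the Distinguished Name")
    return problems

if __name__ == "__main__":
    base = "dc=office,dc=example,dc=com"          # value from the page's example
    dn = build_user_dn("FSSO_Admin", "cn=users", base)
    print(dn, check_user_dn(dn, base))
```

Running the check before selecting Test separates a malformed DN from a wrong password or an unreachable server.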