Locating your identifier in the hierarchy

Chapter 3 Authentication for FortiOS 5.0 : Authentication servers : LDAP servers : LDAP directory organization : Locating your identifier in the hierarchy

You need to determine the levels of the hierarchy from the top to the level that contain the identifier you want to use. This defines the DN that the FortiGate unit uses to search the LDAP database. Frequently used distinguished name elements include:

• uid (user identification)

• pw (password)

• cn (common name)

• ou (organizational unit)

• o (organization)

• c (country)

One way to test this is with a text-based LDAP client program. For example, OpenLDAP includes a client, ldapsearch, that you can use for this purpose.

Enter the following at the command line:

ldapsearch -x '(objectclass=*)'

The output is lengthy, but the information you need is in the first few lines:

version: 2

# filter: (objectclass=*)

# requesting: ALL

dn: dc=example,dc=com

dc: example

objectClass: top

objectClass: domain

dn: ou=People,dc=example,dc=com

ou: People

objectClass: top

objectClass: organizationalUnit

...

dn: uid=tbrown,ou=People,dc=example,dc=com

uid: tbrown

cn: Tom Brown

In the output above, you can see tbrown (uid) and Tom Brown(cn). Also note the dn is ou=People, dc=example, dc=com.