Chapter 3 Authentication for FortiOS 5.0 : Authentication servers : LDAP servers : Example — wildcard admin accounts - CLI : Configuring the LDAP server
  
Configuring the LDAP server
The important parts of this configuration are the username and group lines. The username is the domain administrator account. The group line restricts access to members of the group named GRP.
 
The dn used here is an example only. On your network, use your own domain name.
To configure the LDAP server - CLI
config user ldap
edit "ldap_server"
set server "192.168.201.3"
set cnid "sAMAccountName"
set dn "DC=example,DC=com,DC=au"
set type regular
set username "CN=Administrator,CN=Users,DC=example,DC=COM"
set password *
set group "CN=GRP,OU=training,DC=example,DC=COM"
set filter ""
next
end
To configure the user group and add the LDAP server - CLI
config user group
edit "ldap_grp"
set member "ldap_server"
config match
edit 1
set server-name "ldap_server"
set group-name "TRUE"
next
end
next
end
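A pre-paste check for CLI scripts like the two blocks above, given as an added example that is not Fortinet's code. It flags typographic quotes and a match entry whose server-name is not a member of its user group. The names `lint`, `SAMPLE` and `CURLY` are hypothetical and the sample script is constructed.

```python
import shlex

CURLY = {0x201C: '"', 0x201D: '"'}  # typographic double quotes -> plain

# Constructed sample modelled on the page's two blocks (not a real device dump).
SAMPLE = '''config user ldap
edit "ldap_server"
set username "CN=Administrator,CN=Users,DC=example,DC=COM\u201d
set group \u201cCN=GRP,OU=training,DC=example,DC=COM\u201d
next
end
config user group
edit "ldap_grp"
set member "ldap"
config match
edit 1
set server-name "ldap_server"
next
end
next
end
'''

def lint(text):
    """Return (line_no, message) findings for a pasted FortiOS CLI script."""
    findings, members, stack, group = [], {}, [], None
    for n, raw in enumerate(text.splitlines(), 1):
        if any(chr(c) in raw for c in CURLY):
            findings.append((n, "typographic quote, retype as a plain double quote"))
        try:
            tok = shlex.split(raw.translate(CURLY))
        except ValueError:
            findings.append((n, "unbalanced double quote"))
            continue
        if tok[:1] == ["config"]:
            stack.append(" ".join(tok[1:]))      # e.g. "user group", "match"
        elif tok[:1] == ["end"] and stack:
            stack.pop()
        elif tok[:1] == ["edit"] and stack == ["user group"]:
            group = tok[1]
            members[group] = set()
        elif tok[:2] == ["set", "member"] and stack == ["user group"]:
            members[group].update(tok[2:])
        elif tok[:2] == ["set", "server-name"] and stack == ["user group", "match"]:
            # Assumes 'set member' precedes 'config match', as in the page's block.
            if tok[2] not in members.get(group, ()):
                findings.append((n, f"match server {tok[2]!r} is not a member of group {group!r}"))
    return findings
```

Calling `lint(SAMPLE)` reports lines 3, 4 and 12 of the constructed script; the same script with plain quotes and `set member "ldap_server"` produces no findings.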