Chapter 3 Authentication for FortiOS 5.0 : Authentication servers : LDAP servers : Example — wildcard admin accounts - CLI : Configuring the admin account
  
Configuring the admin account
The wildcard part of this example is only available in the CLI for admin configuration. When enabled, this allows all LDAP group members to login to the FortiGate unit without the need to create a separate admin account for each user. In effect the members of that group will each be able to login as “test”.
To configure the admin account - CLI
config system admin
edit “test”
set remote-auth enable
set accprofile “super_admin”
set wildcard enable
set remote-group “ldap_grp”
next
end
For troubleshooting, test that the admin account is operational, and see “Troubleshooting LDAP”.