Chapter 16 SSL VPN : Basic configuration : User accounts and groups : Authentication
  
Authentication
Remote users must be authenticated before they can request services and/or access network resources through the web portal. The authentication process can use a password defined on the FortiGate unit or optionally use established external authentication mechanisms such as RADIUS or LDAP.
To authenticate users, you can use a plain text password on the local FortiGate unit, forward authentication requests to an external RADIUS, LDAP or TACACS+ server, or utilize PKI certificates.
For information about how to create RADIUS, LDAP, TACACS+ or PKI user accounts and certificates, see the Authentication chapter of The Handbook.
 
FortiOS supports LDAP password renewal notification and updates through SSL VPN. Enable this configuration in the CLI as follows:
config user ldap
edit <username>
set password-expiry-warning enable
set password-renewal enable
end
For more information, see the Authentication chapter of The Handbook.