user admin-usergrp
Use this command to configure LDAP or RADIUS remote authentication groups that can be used when configuring a FortiWeb administrator account.
Before you can add a remote authentication group, you must first define at least one query for either LDAP or RADIUS accounts. See
“config user ldap-user” or
“config user radius-user”.
To use this command, your administrator account’s access control profile must have either
w or
rw permission to the
authusergrp area. For more information, see
“Permissions”.
Syntax
config user admin-usergrp
config members
next
end
next
end
Variable | Description | Default |
<group_name> | Type the name of the remote authentication group. The maximum length is 35 characters. | No default. |
<entry_index> | Type the index number of the individual entry in the table. The valid range is from 1 to 9,999,999,999,999,999,999. | No default. |
type {ldap | radius} | Select the protocol used for the query, either LDAP or RADIUS. | ldap |
ldap-name <query_name> | Type the name of an existing LDAP account query. The maximum length is 35 characters. To display the list of existing queries, type: edit ? | No default. |
radius-name <query_name> | Type the name of an existing RADIUS account query. The maximum length is 35 characters. To display the list of existing queries, type: edit ? | No default. |
Example
This example creates a remote authentication group using an existing LDAP user query named LDAP Users 1. Because remote authentication groups use LDAP queries by default, the LDAP query type is not explicitly configured.
config user admin-usergrp
edit "Admin LDAP"
config members
edit 0
set ldap-name "LDAP Users 1"
next
end
next
end
Related topics