melshehaby
Staff
August 24, 2022

Technical Tip: LDAP authentication for extensions User Portal and FortiFone software


Description

 

This article describes how to configure LDAP authentication for extensions so that users can log in with it to the User Portal and the FortiFone softclient.

 

Scope

 

FortiVoice v6.0.x, v6.4.x and v7.0.x.

 

Solution

 

Follow the link below to configure the LDAP profile and run a successful test query:

Creating an LDAP profile

 

There are two options to configure user authentication:

 

Option 1:

If the LDAP profile is configured with 'Try Common Name with Base DN as Bind DN', each extension is manually mapped to a specific username.

Follow the steps below:

 

  1. Go to Phone System -> LDAP -> LDAP Profile and edit the LDAP profile.
  2. Under User Authentication Options, select 'Try Common Name with Base DN as Bind DN'.
  3. Then configure 'Common name ID' with the value 'cn' to map the username, or with the attribute that needs to be mapped from the LDAP server.



  1. Then go to Extension -> Extension -> IP Extension and edit the extension.
  2. Under User Setting, in the Web Access tab, set Authentication type to LDAP with the configured LDAP profile.
  3. Configure 'Authentication ID:' with the username (the 'cn' value) of the user who needs to be mapped to this extension or to authenticate to it with their account. In this example, the username is 'user1'.



  1. Once the above steps are completed, open the User Portal, type the extension number in the 'Username' field, and in 'Password' type the password of the username configured in this extension.

 

Option 2:

If the LDAP profile is configured with 'Search User and Try Bind DN', this means that the LDAP server is already configured with an extension number for each user, held in an attribute of the user entry, so there is no need to configure each extension with an Authentication ID.

Follow the steps below:

 

  1. Go to Phone System -> LDAP -> LDAP Profile and edit the LDAP profile.
  2. Under User Authentication Options, select 'Search User and Try Bind DN'.
  3. In LDAP user query, the default scheme query for AD is: (&(objectClass=user)(telephonenumber=$u)). This means that in AD, the 'telephonenumber' attribute of each user holds the extension number. Leave the rest of the options at their defaults.



  1. Then go to Extension -> Extension -> IP Extension and edit the extension.
  2. Under User Setting, in the Web Access tab, set Authentication type to LDAP with the configured LDAP profile.
  3. Leave 'Authentication ID:' empty.



  1. Once the above steps are completed, open the User Portal, type the extension number in the 'Username' field, and in 'Password' type the password of the LDAP user to which this extension belongs.
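
A pre-flight check for Option 2, as an added example that is not part of the original article or Fortinet's code: it expands $u in the article's default query and flags extensions whose number matches no directory user or more than one, the cases where the search cannot single out one account to bind as. The directory entries, DNs and function names are constructed for illustration, and the RFC 4515 escaping is this example's own choice, not documented FortiVoice behaviour.

```python
# Added example: directory entries and names below are constructed for illustration.
from collections import defaultdict

QUERY_TEMPLATE = "(&(objectClass=user)(telephonenumber=$u))"  # default AD query from the article


def escape_filter_value(value):
    """Escape RFC 4515 special characters so the value stays a literal in the filter.
    (This example's own choice; the article does not say how FortiVoice treats them.)"""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)


def build_filter(extension):
    """Expand $u with the extension number typed in the 'Username' field."""
    return QUERY_TEMPLATE.replace("$u", escape_filter_value(extension))


def audit_extensions(entries, extensions):
    """Return {extension: [matching DNs]} for every extension that does not
    resolve to exactly one objectClass=user entry (no match, or several)."""
    by_number = defaultdict(list)
    for entry in entries:
        classes = [c.lower() for c in entry.get("objectClass", [])]
        if "user" not in classes:
            continue  # the query only matches objectClass=user
        for number in entry.get("telephoneNumber", []):
            by_number[number.strip()].append(entry["dn"])
    return {x: by_number.get(x, []) for x in extensions
            if len(by_number.get(x, [])) != 1}


# Constructed sample directory export (not real data).
SAMPLE_ENTRIES = [
    {"dn": "CN=user1,OU=Staff,DC=example,DC=com",
     "objectClass": ["top", "person", "user"], "telephoneNumber": ["1001"]},
    {"dn": "CN=user2,OU=Staff,DC=example,DC=com",
     "objectClass": ["top", "person", "user"], "telephoneNumber": ["1002"]},
    {"dn": "CN=user3,OU=Staff,DC=example,DC=com",
     "objectClass": ["top", "person", "user"], "telephoneNumber": ["1002"]},
    {"dn": "CN=lobby-phone,OU=Devices,DC=example,DC=com",
     "objectClass": ["top", "device"], "telephoneNumber": ["1003"]},
]
SAMPLE_EXTENSIONS = ["1001", "1002", "1003"]

if __name__ == "__main__":
    print(build_filter("1001"))
    for ext, dns in audit_extensions(SAMPLE_ENTRIES, SAMPLE_EXTENSIONS).items():
        print(ext, "->", dns or "no user found")
```
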