czerwo
New Member
July 15, 2016
Question

Captive Portal + LDAP Groups


I have a FortiGate 500D. On Wi-Fi I have a captive portal + LDAP and it all works fine. I'm trying to use LDAP + groups to authorize users to Wi-Fi with the captive portal, but it doesn't work :( In User Groups I added a new group with Remote Server LDAP my_ldap; in the table I have one group, and I selected it, but it doesn't work. I can't log in to the captive portal. My LDAP scheme:

    ---dc=awf,dc=katowice,dc=pl
       |-ou=people (15000 users)
       |-ou=groups (1 group)

Must I have MemberOf in LDAP?

    1 reply

    Jeff_FTNT
    Staff
    July 18, 2016

    If you did not set up "match" in group, it would not need MemberOf in LDAP.

    xsilver_FTNT
    Staff
    July 19, 2016

    Hi czerwo,

    Also pay attention to the fact that an OU is an 'Organizational Unit', a sort of container. It is NOT a group from an LDAP point of view. See the LDIF for details and note that true groups have objectClass=group and also contain a list of members, which pairs with the mentioned memberOf LDAP attribute, which is used in LDAP-based group match. The group name/path starts with CN.

    Here is a bit older but still valid KB article on how to set LDAP based auth on FortiOS for just specific groups on LDAP server.

    http://kb.fortinet.com/kb/microsites/search.do?cmd=displayKC&docType=kc&externalId=FD32359

    Best regards,
    Tomas
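
The OU-versus-group distinction from the reply above, as an added example that is not part of the original thread: a small check over an LDIF export that tells whether the DN chosen for the group match is a container or a true group, and which users carry a matching memberOf. The entries, the group name wifi-users and the users anna and piotr are constructed; accepting groupOfNames and groupOfUniqueNames alongside objectClass=group is an assumption beyond what the post states.

```python
# Added illustration: is the DN used for the group match a real group or just an OU?
# All LDIF entries below are constructed sample data under the poster's base DN.
SAMPLE_LDIF = """\
dn: ou=people,dc=awf,dc=katowice,dc=pl
objectClass: organizationalUnit

dn: ou=groups,dc=awf,dc=katowice,dc=pl
objectClass: organizationalUnit

dn: cn=wifi-users,ou=groups,dc=awf,dc=katowice,dc=pl
objectClass: group
member: uid=anna,ou=people,dc=awf,dc=katowice,dc=pl

dn: uid=anna,ou=people,dc=awf,dc=katowice,dc=pl
objectClass: person
memberOf: cn=wifi-users,ou=groups,dc=awf,dc=katowice,dc=pl

dn: uid=piotr,ou=people,dc=awf,dc=katowice,dc=pl
objectClass: person
"""

def parse_ldif(text):
    """Parse simple (unfolded, non-base64) LDIF into {lowercased dn: {attr: [values]}}."""
    entries = {}
    for block in text.strip().split("\n\n"):
        attrs = {}
        for line in block.splitlines():
            key, _, value = line.partition(": ")
            attrs.setdefault(key.lower(), []).append(value)
        entries[attrs["dn"][0].lower()] = attrs
    return entries

def classify(entries, dn):
    """Return 'group', 'container' or 'unknown' for the DN configured as the group."""
    classes = {c.lower() for c in entries.get(dn.lower(), {}).get("objectclass", [])}
    if classes & {"group", "groupofnames", "groupofuniquenames"}:  # assumed class list
        return "group"
    if "organizationalunit" in classes:
        return "container"
    return "unknown"

def users_matching(entries, group_dn):
    """Users whose memberOf lists group_dn, the attribute a group match relies on."""
    return sorted(dn for dn, a in entries.items()
                  if group_dn.lower() in (v.lower() for v in a.get("memberof", [])))

ENTRIES = parse_ldif(SAMPLE_LDIF)
```

Selecting ou=groups classifies as a container and matches no user, while the CN entry beneath it classifies as a group and matches only the user whose memberOf names it.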