Skip to main content
daemonhunter
daemonhunter
Visitor III
September 11, 2025
Question

FortiAuthenticator API Endpoint for LDAP Groups

  • September 11, 2025
  • 2 replies
  • 795 views

Im trying to find a FAC API endpoint to query what users are in a specific LDAP Group. This is as close as I could get. Unfortunately this only returns groups that are local groups, not LDAP groups.

 

Anyone else figured out how to do this or if its possible with the current API?

https://docs.fortinet.com/document/fortiauthenticator/6.6.2/rest-api-solution-guide/583007/local-user-group-memberships-localgroup-memberships


2 replies

funkylicious
SuperUser
funkylicious
SuperUser
September 11, 2025

why not query the AD/LDAP directly ?

"jack of all trades, master of none"
daemonhunter
daemonhunterAuthor
Visitor III
September 14, 2025

Unfortunately it doesn’t work that way. FA creates a group of LDAP users. It’s FA’s group not the domains. 

funkylicious
SuperUser
funkylicious
SuperUser
September 14, 2025

so basically, it's a local FAC group that has remote LDAP server/users defined/imported.

try querying the localgroups APIs

"jack of all trades, master of none"
daemonhunter
daemonhunterAuthor
Visitor III
January 2, 2026

Figured I'd give this a check again, unfortunately still a missing feature in FA 8.0. Is there any way to submit a request to get this functionality added to the API?

ebilcari
Staff
ebilcari
Staff
January 25, 2026

You could submit a New Feature Request (NFR) over your local Fortinet representatives  to add this as a feature on next releases.

Emirjon
Terms & ConditionsAccessibility statement