okhatab
Staff
Article Id 251455
Description: This article explains how to configure FortiADC Manager to use an LDAP server for authenticating administrator access.
Scope: FortiADC Manager.
Solution

Use the CLI to configure FortiADC Manager so that system administrators are authenticated against an LDAP server:

1) Configure an entry for the LDAP server:

- Specify the LDAP server IP address or FQDN.
- Specify the distinguished name (DN).
- Set the bind type to 'regular'.
- Enter the full DN (distinguished name) of the LDAP administrator account to use for binding.
- Enter the password of the LDAP administrator account to use for binding.
- Specify the virtual domain ('vdom').
- Change the common name identifier (CNID) to match the LDAP attribute used on the LDAP server (the default is 'cn').
- Change the port if needed (the default is 389).

For example:

# config user ldap
    edit MYLDAP
        set server 192.168.1.1
        set dn DC=fortinet,DC=com
        set type regular
        set username CN=Administrator,CN=Users,DC=fortinet,DC=com
        set password password
        set vdom root
        set cnid sAMAccountName
        set port 389
    next
end

2) Create a user and configure it to use the LDAP server:

- Create an entry for the LDAP user.
- Add the LDAP user.
- Change the auth-strategy to 'ldap'.
- Set the LDAP server entry created in step 1.
- Configure the privileges the admin receives after authentication.
- Specify the virtual domain ('vdom').

For example:

# config system admin
    edit ldapuser
        set auth-strategy ldap
        set ldap-server MYLDAP
        set access-profile super_admin_prof
        set vdom root
    next
end
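
An added example (not Fortinet code and not part of the original article): a small Python audit that parses the two CLI blocks above and flags settings worth reviewing before the configuration goes into production. The rules and finding texts are assumptions of this example, and the sample input is constructed from the article's own values.

```python
# Constructed sample: abbreviated from the two CLI examples in this article.
SAMPLE = """\
config user ldap
edit MYLDAP
set username CN=Administrator,CN=Users,DC=fortinet,DC=com
set port 389
next
end
config system admin
edit ldapuser
set auth-strategy ldap
set ldap-server MYLDAP
set access-profile super_admin_prof
next
end
"""

def parse(text):  # -> {section: {entry: {key: value}}}
    tree, section, entry = {}, None, None
    for raw in text.splitlines():
        verb, _, rest = raw.strip().lstrip("# ").partition(" ")
        if verb == "config":
            section = tree.setdefault(rest, {})
        elif verb == "edit" and section is not None:
            entry = section.setdefault(rest, {})
        elif verb == "set" and entry is not None:
            key, _, value = rest.partition(" ")
            entry[key] = value.strip()
        elif verb in ("next", "end"):
            entry = None
    return tree

def audit(text):  # the rules below are this example's own heuristics
    tree, out = parse(text), []
    servers = tree.get("user ldap", {})
    for name, s in servers.items():
        if s.get("port", "389") == "389":  # the article gives 389 as the default
            out.append((name, "port 389: cleartext bind unless TLS is enabled"))
        if s.get("username", "").lower().startswith("cn=administrator,"):
            out.append((name, "bind DN is the directory Administrator account"))
    for name, a in tree.get("system admin", {}).items():
        ldap = a.get("auth-strategy") == "ldap"
        if ldap and a.get("ldap-server") not in servers:
            out.append((name, "ldap-server has no matching 'config user ldap' entry"))
        if ldap and a.get("access-profile") == "super_admin_prof":
            out.append((name, "LDAP-authenticated admin holds super_admin_prof"))
    return out
```

A port other than 389 only silences the first rule; whether the bind is actually protected by TLS depends on the device's LDAP security settings, which this article does not show.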