Description | This article explains how to configure FortiADC Manager to use an LDAP server for authenticating administrator access. |
Scope | FortiADC Manager. |
Solution |
Use the CLI to configure FortiADC Manager to authenticate system administrators against an LDAP server:
1) Configure an entry for the LDAP server:
- Specify the LDAP server IP address or FQDN.
- Specify the distinguished name (DN).
- Set the bind type to 'regular'.
- Enter the full DN (distinguished name) for the LDAP administrator account to use for binding.
- Enter the password for the LDAP administrator account to use for binding.
- Specify 'vdom'.
- Modify the common name identifier (CNID) to the LDAP attribute used on the LDAP server (the default is 'cn').
- Modify the port if needed (default is 389).
For example:
# config user ldap
    edit MYLDAP
        set server 192.168.1.1
        set dn DC=fortinet,DC=com
        set type regular
        set username CN=Administrator,CN=Users,DC=fortinet,DC=com
        set password password
        set vdom root
        set cnid sAMAccountName
        set port 389
    next
end
2) Create a user and configure it to use the LDAP server:
- Create an entry for the LDAP user.
- Add the LDAP user.
- Change the auth-strategy to 'ldap'.
- Set the LDAP server entry previously created.
- Configure the privileges of the admin after authentication.
- Specify 'vdom'.
For example:
# config system admin
    edit ldapuser
        set auth-strategy ldap
        set ldap-server MYLDAP
        set access-profile super_admin_prof
        set vdom root
    next
end
|
Copyright 2024 Fortinet, Inc. All Rights Reserved.