This article explains which LDAP server to use to authenticate WiFi clients using WPA and WPA2 security protocols.
LDAP is supported with WiFi clients but not with every LDAP server. The LDAP server must allow the FortiGate to remotely retrieve the WiFi user's clear text password.
OpenLDAP is a free, open-source implementation of the LDAP protocol. It offers greater flexibility in terms of configuration and is amenable to adaptations required for various authentication needs, such as the unique requirements of WPA and WPA2:
Clear Text Password Retrieval: OpenLDAP can be configured to allow specific devices, like FortiGate, to retrieve clear text passwords when necessary. This capability facilitates the password hashing required for WPA and WPA2 authentication.
Compatibility with WPA/WPA2: OpenLDAP can be tailored to work seamlessly with WPA and WPA2 security protocols, ensuring secure and consistent user authentication.
For organizations looking to integrate FortiOS-based WiFi networks using WPA or WPA2 security protocols with LDAP authentication, OpenLDAP serves as a viable and recommended choice due to its adaptability and compatibility.