Help
FortiAnalyzer
FortiAnalyzer can receive logs and Windows host events directly from endpoints connected to EMS, and you can use FortiAnalyzer to analyze the logs and run reports.
ckarwei
Staff
Staff

Created on ‎09-13-2020 10:42 PM Edited on ‎12-01-2025 02:41 AM By Staff

Article Id 191579

Technical Tip: Creating LDAP system administrator

Description

 

This article describes how to create an LDAP system administrator in FortiManager and FortiAnalyzer.

 

Scope

 

FortiAnalyzer.

Solution

 

To configure the FortiManager/FortiAnalyzer for LDAP authentication from the GUI:

  1. Go to System Settings -> Admin -> Remote Authentication Server, select 'Create New' and select 'LDAP Server'.
  2. Enter a Name for the LDAP server.
  3. In Server Name/IP, enter the Server Name or IP address.
  4. Enter the Port number used for LDAP communication (389 by default).
  5. Enter the Common Name Identifier (cn by default).
  6. Enter the Distinguished name. The selected query distinguished name icon will query the LDAP server for the name and open the LDAP Distinguished name query window to display the results (select the query after entering the User DN and Password in step 8 ) and 9)).
  7. In 'Bind Type', select 'Regular'.
  8. In User DN, enter the LDAP administrator’s name with the domain (for example: mydomain\admin).
  9. Enter the LDAP administrator’s password.
  10. Select 'OK'.

 

 

Bold
 
  1. Go to System Settings -> Admin -> Administrator and select 'Create New'.
  2. Enter the user name (the same with domain username if  'Match all users on remote server' is not checked).
  3. In 'Admin Type', select 'LDAP'.
  4. In the LDAP server, choose the remote authentication server created earlier.
  5. Check 'Match all users on remote server' to match a user group on the AD server.
  6. Left the password field empty.
  7. Select 'Admin Profile' and 'Administrative Domain' accordingly
  8. Select 'OK'.
 
 
  1. Log in now with the AD username and password.
 
To push an admin user profile from LDAP, use the following CLI command:
 
config system admin ldap
    edit "myLDAP"
        set profile-attr "description"
    next
end
 
It is also necessary to configure the wildcard user to use this profile.
 
config system admin user
    edit "myLDAPuser"
        set ext-auth-accprofile-override enable
    next
end
 
After editing the advanced attribute on the LDAP server and in the description field, mention the profile name associated with the user or group of users.
 
Note:
The following commands are useful for debugging while accessing the FortiManager using the newly created administrator:
 
diagnose debug en
diagnose debug application auth 255
 
Log in to the FortiManager,  and disable the debug:
 
diagnose debug disable
5736
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.