FortiAuthenticator
FortiAuthenticator provides access management and single sign on.
Debbie_FTNT
Staff
Article Id 259163
Description

This article describes how to set custom user fields in FortiAuthenticator and how to include them in LDAP service responses.

Scope

FortiAuthenticator 6.5 and higher.

Solution

FortiAuthenticator allows the creation of up to three custom user fields. These fields can be defined under Authentication -> User Management -> Custom User Fields. Starting in FortiAuthenticator firmware version 6.5, these fields will also be included in LDAP service responses (if FortiAuthenticator is set up to act as an LDAP server).

An example configuration can be found below:

1) Creation of custom user fields:

ldap-custom-attribute2.PNG

Edit a custom user field under Authentication -> User Management -> Custom User Fields and assign it a name, then save by pressing the Enter key.

2) Edit the local user(s):

ldap-custom-attribute1.PNG

Edit the local users under Authentication -> User Management -> Local Users, and set the appropriate values.

Note: Only local users can be included in the local LDAP directory on FortiAuthenticator and found via an LDAP lookup against FortiAuthenticator.

3) Add the local user(s) to the LDAP directory tree:

ldap-custom-attribute3.PNG

Create new entries and add the users as appropriate.

Note: For more details on setting up local LDAP service on FortiAuthenticator, refer to the Administration Guide, found here: https://docs.fortinet.com/product/fortiauthenticator/

4) Query the user(s) via LDAP:

ldap-browser-fac.PNG

Query the user via an LDAP browser or similar tool (the screenshot uses Softerra LDAP Browser 4.5). The local user entry should include an attribute custom1 (or custom2/custom3) with the value of the custom user field set in step 2.
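
The query in step 4 can also be run from a shell with OpenLDAP's ldapsearch. The script below is an added example, not part of the original article: the host name, bind DN, base DN, uid-based filter and sample entries are assumptions, and only the attribute names custom1 to custom3 come from the article. It also parses the returned LDIF, including folded lines and base64-encoded values.

```shell
#!/bin/sh
# Added example, not from the article. Host, DNs, uid naming and sample data
# are constructed; custom1..custom3 are the attribute names the article gives.

# Look up one user's custom fields. ldaps:// encrypts the simple bind, -W
# prompts for the password so it stays out of shell history.
query_fac() {
    case "$1" in   # allow-list the uid so it cannot alter the LDAP filter
        ''|*[!A-Za-z0-9._-]*) echo "invalid uid" >&2; return 2 ;;
    esac
    ldapsearch -LLL -H "ldaps://fac.example.com" \
        -D "uid=ldapreader,ou=users,dc=example,dc=com" -W \
        -b "dc=example,dc=com" "(uid=$1)" custom1 custom2 custom3
}

# Read LDIF on stdin, print "dn<TAB>attribute<TAB>value" per custom field.
extract_custom_fields() {
    awk '
        /^ / { buf = buf substr($0, 2); next }   # unfold continuation lines
             { if (buf != "") print buf; buf = $0 }
        END  { if (buf != "") print buf }
    ' | while IFS= read -r line; do
        case "$line" in
            dn:\ *) dn=${line#dn: } ;;
            custom[123]::\ *)   # "::" marks a base64-encoded value
                val=$(printf '%s' "${line#*:: }" | base64 -d)
                printf '%s\t%s\t%s\n' "$dn" "${line%%::*}" "$val" ;;
            custom[123]:\ *)
                printf '%s\t%s\t%s\n' "$dn" "${line%%:*}" "${line#*: }" ;;
        esac
    done
}

# Constructed LDIF in the shape ldapsearch -LLL returns.
sample_ldif() {
cat <<'EOF'
dn: uid=jdoe,ou=users,dc=example,dc=com
custom1: EMP-1042
custom2:: WsO8cmljaA==
custom3: cost-center-4471-eng
 ineering

dn: uid=asmith,ou=users,dc=example,dc=com
custom1: EMP-2001
EOF
}

sample_ldif | extract_custom_fields
```

Against a live server, the pipeline would be query_fac jdoe | extract_custom_fields, after replacing the placeholder host and DNs with the values of the local LDAP directory tree built in step 3.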