FortiAuthenticator provides access management and single sign on.
Article Id 259163


This article describes how to set custom user fields in FortiAuthenticator, and how to include it in LDAP service responses.




FortiAuthenticator 6.5 and higher.




FortiAuthenticator allows the creation of up to three custom user fields. These fields can be defined under Authentication -> User Management -> Custom User Fields. Starting in FortiAuthenticator firmware version 6.5, these fields will also be included in LDAP service responses (if FortiAuthenticator is set up to act as an LDAP server).


An example configuration can be found below:


1) Creation of custom user fields:




Edit a custom user field under Authentication -> User Management -> Custom User Fields and assign it a name, then save by pressing the Enter key.


2) Edit the local user(s):




Edit the local users under Authentication -> User Management -> Local Users, and set the appropriate values.

Note: only local users may be included in the local LDAP directory on FortiAuthenticator, and can be found via LDAP lookup to FortiAuthenticator.


3) Add the local user(s) to the LDAP directory tree:




Create new entries and add the users as appropriate.

Note: For more details on setting up local LDAP service on FortiAuthenticator, refer to the Administration Guide, found here:


4) Query the user(s) via LDAP:




Query the user via an LDAP browser or similar tool (the screenshot uses Softerra LDAP Browser 4.5). The local user entry should include an attribute custom1 (or custom2/custom3) with the value of the custom user field set under Step 2.