ethomollari
Staff

Description

This article describes how to configure a remote sync rule in FortiAuthenticator to populate groups automatically from an LDAP directory.
In this example, user1 and user2 are part of the 'IT' security group in AD. Via the remote sync rule, these users are associated with the FAC user group TESTGROUP.
 
Related document. 


Solution

1) Creating the group.
Go to Authentication -> User Management -> Remote User Sync Rules.
 
 
 
 
 
2) Create the remote sync rule 'Test Sync Rule' with the LDAP syntax filter.
3) In the drop-down menu 'Group to associate users with', select the created group: TESTGROUP.
 
 
 
 
4) Run the manual sync: Authentication -> User Management -> Remote User Sync Rules -> Manual Sync tab.
5) Check the results in the user group: the users have been added.
 
 
 
 
Notes.
LDAP filter syntax used: 
 
(&(objectCategory=user)(memberOf:1.2.840.113556.1.4.1941:=CN=IT,CN=Users,DC=forti,DC=lab))
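
The filter above uses the Active Directory matching rule OID 1.2.840.113556.1.4.1941 (LDAP_MATCHING_RULE_IN_CHAIN), which also matches users who reach the group through nested groups. The following Python example is added here and is not part of the original article or any Fortinet code: it builds the same filter with RFC 4515 escaping and, on a constructed directory (user3, user4 and the Helpdesk group are assumptions), compares the users matched with and without the rule.

```python
# Added example; directory contents below are constructed, not from a real AD.
IN_CHAIN = "1.2.840.113556.1.4.1941"  # AD LDAP_MATCHING_RULE_IN_CHAIN

def escape_filter_value(value):
    """Escape an assertion value per RFC 4515 so a DN cannot alter the filter."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\0" else c for c in value)

def build_sync_filter(group_dn, nested=True):
    """Build the sync-rule filter; nested=False gives a plain memberOf match."""
    rule = ":%s:" % IN_CHAIN if nested else ""
    return "(&(objectCategory=user)(memberOf%s=%s))" % (rule, escape_filter_value(group_dn))

BASE = "CN=Users,DC=forti,DC=lab"
IT = "CN=IT," + BASE
HELPDESK = "CN=Helpdesk," + BASE  # hypothetical group nested inside IT
# DN -> (is_user, groups the entry is a direct member of)
DIRECTORY = {
    "CN=user1," + BASE: (True, [IT]),
    "CN=user2," + BASE: (True, [IT]),
    "CN=user3," + BASE: (True, [HELPDESK]),  # hypothetical, reaches IT via Helpdesk
    "CN=user4," + BASE: (True, []),          # hypothetical, not in IT
    HELPDESK: (False, [IT]),
    IT: (False, []),
}

def matched_users(group_dn, nested=True):
    """Return the user DNs the filter would select from DIRECTORY."""
    target = group_dn.lower()
    def member(dn, seen):
        for parent in DIRECTORY[dn][1]:
            if parent.lower() == target:
                return True
            if nested and parent not in seen:
                seen.add(parent)  # guard against circular group nesting
                if member(parent, seen):
                    return True
        return False
    return sorted(dn for dn, (is_user, _) in DIRECTORY.items()
                  if is_user and member(dn, set()))

if __name__ == "__main__":
    print(build_sync_filter(IT))
    direct = matched_users(IT, nested=False)
    chained = matched_users(IT)
    print("direct only:", direct)
    print("with chain :", chained)
    # Users present only in the chained result are synced because of nesting.
    print("via nesting:", sorted(set(chained) - set(direct)))
```

Because every transitive member is placed in TESTGROUP, review which groups are nested under the target group before running the manual sync.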

Related Articles

Technical Tip: LDAP filter syntax

Technical Tip: LDAP filter syntax for groups and remote user sync rules
