FortiGate
hazim
Staff
Article Id 336578
Description This article describes how to create a policy-based Captive Portal for LDAP users.
Scope FortiGate.
Solution

Create an LDAP user group filtered on the Organizational Unit (OU) attribute, as below:

 

Go to User Groups -> Create New.

 

Make sure to filter LDAP users based on OU, as in the example below, in which OU=fortinet.

 


 

Then, create a FortiGate policy to add the LDAP user to the Captive portal:

 

Go to Policy & Objects -> Firewall Policy and select 'Create new/Edit.'

 

Enable the following features:

 

  1. Assign the User/Group and the address object in the source section. Use the 'all' address object if no specific IP addresses need to be matched.

 

config firewall policy
    edit 1
        set name "example-policy"
        set srcintf "port2"
        set dstintf "port1"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set groups "LDAP" <--- Name of LDAP group.
        set disclaimer enable
        set auth-cert "Fortinet_CA_SSL"
        set nat enable
        set redirect-url "www.fortinet.com"
    next
end

 


 

  2. Enable disclaimer (Optional) in the policy using CLI:

    config firewall policy
        edit <x>
            set disclaimer enable
        next
    end

  3. Redirect to a specific website after user authentication.

Note that this option is available only if the disclaimer option in item (2) is turned on.

config firewall policy
    edit <x>
        set disclaimer enable
        set redirect-url "www.fortinet.com"
    next
end

After authentication, the page will redirect to www.fortinet.com, as set by redirect-url in the CLI.
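
The two conditions this article relies on (a user group assigned to the policy, and redirect-url being available only with disclaimer enabled) can be checked offline against a configuration backup. The following Python script is an added example, not Fortinet code; the sample configuration and the function names parse_policies and audit are constructed for illustration.

```python
import shlex

# Constructed sample in FortiGate backup style (not from a real device).
SAMPLE_CONFIG = '''
config firewall policy
    edit 1
        set groups "LDAP" <--- Name of LDAP group.
        set disclaimer enable
        set redirect-url "www.fortinet.com"
    next
    edit 2
        set groups "LDAP"
        set redirect-url "www.fortinet.com"
    next
    edit 3
        set disclaimer enable
    next
end
'''

def parse_policies(text):
    """Return {policy_id: {option: [values]}} for 'config firewall policy'."""
    policies, current, in_block = {}, None, False
    for raw in text.splitlines():
        tokens = shlex.split(raw.split("<---")[0])  # drop KB-style annotations
        if tokens == ["config", "firewall", "policy"]:
            in_block = True
        elif not tokens or not in_block:
            continue
        elif tokens[0] == "end":
            in_block, current = False, None
        elif tokens[0] == "edit" and len(tokens) > 1:
            current = policies.setdefault(tokens[1], {})
        elif tokens[0] == "next":
            current = None
        elif tokens[0] == "set" and current is not None and len(tokens) > 2:
            current[tokens[1]] = tokens[2:]
    return policies

def audit(policies):
    """Flag policies whose portal options do not match the steps in this article."""
    findings = []
    for pid, opts in policies.items():
        disclaimer = opts.get("disclaimer") == ["enable"]
        if "redirect-url" in opts and not disclaimer:
            findings.append((pid, "redirect-url without disclaimer enable"))
        if (disclaimer or "redirect-url" in opts) and "groups" not in opts:
            findings.append((pid, "portal options but no user group"))
    return findings
```

Calling audit(parse_policies(SAMPLE_CONFIG)) reports policy 2 and policy 3 and leaves policy 1, which matches the article's configuration, unflagged.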