Created on 09-03-2019 05:35 AM Edited on 05-25-2022 02:37 PM By Anonymous
Description
This article describes how to ensure successful LDAP authentication from a FortiGate to a Red Hat FreeIPA server.
- The FreeIPA server uses a different LDAP tree schema from a typical directory. It is composed of two sub-trees: cn=accounts,dc=<suffix>,dc=<suffix> and cn=compat,dc=<suffix>,dc=<suffix>.
- When the FortiGate performs an LDAP query using the memberOf attribute, it expects to receive exactly one unique result. However, when the configured base DN covers both sub-trees, the FortiGate receives two identical users, one from each sub-tree, which generates an authentication error.
Solution
Configure one of the two specific sub-trees as the Distinguished Name (dn) in the LDAP server configuration, so that the search returns a single entry per user.
The following configuration ensures successful LDAP authentication from the FortiGate to the FreeIPA server:
config user ldap
    edit <ldap>
        set cnid uid
        set dn "cn=accounts,dc=<suffix>,dc=<suffix>"
    next
end
Use "cn=compat,dc=<suffix>,dc=<suffix>" as the dn instead if the compat sub-tree is the one that should be searched; only one of the two sub-trees can be set as the dn.
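The following is an added, dependency-free model of the two FreeIPA sub-trees and of an LDAP subtree search (not code from the article or from Fortinet); it shows why a dn at the domain root returns the same user twice while a dn under one sub-tree returns exactly one entry. The directory contents and the suffix dc=example,dc=com are constructed samples.

```python
from __future__ import annotations

# Constructed sample suffix; the real one is whatever the FreeIPA domain uses.
SUFFIX = "dc=example,dc=com"

# Constructed directory: the same account is exposed under both sub-trees,
# which is the situation the article describes.
DIRECTORY = {
    f"uid=alice,cn=users,cn=accounts,{SUFFIX}": {"uid": "alice"},
    f"uid=alice,cn=users,cn=compat,{SUFFIX}": {"uid": "alice"},
    f"uid=bob,cn=users,cn=accounts,{SUFFIX}": {"uid": "bob"},
}


def _rdns(dn: str) -> list[str]:
    """Split a DN into its RDN components, normalised for comparison."""
    return [part.strip().lower() for part in dn.split(",")]


def subtree_search(base_dn: str, cnid: str, value: str) -> list[str]:
    """Return the DNs whose `cnid` attribute equals `value` at or below base_dn.

    Mirrors an LDAP search with scope=subtree and filter (cnid=value),
    which is what the FortiGate issues with the configured dn and cnid.
    """
    base = _rdns(base_dn)
    hits = []
    for dn, attrs in DIRECTORY.items():
        parts = _rdns(dn)
        # An entry is in scope when the base's RDNs are its trailing RDNs.
        in_scope = len(parts) >= len(base) and parts[-len(base):] == base
        if in_scope and attrs.get(cnid) == value:
            hits.append(dn)
    return hits


def resolve_user(base_dn: str, cnid: str, value: str) -> str | None:
    """Accept the lookup only when it is unambiguous, as the FortiGate does.

    Returns the single matching DN, or None when zero or several entries
    match (several matches is the duplicate-user failure from the article).
    """
    hits = subtree_search(base_dn, cnid, value)
    return hits[0] if len(hits) == 1 else None
```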