FortiGate
zzarrouk
Staff
Article Id 197654

Description
This article describes how to ensure successful LDAP authentication against a Red Hat FreeIPA server.

- The FreeIPA server uses a different LDAP tree schema from a plain directory. It is composed of two sub-trees:
cn=accounts,dc=<suffix>,dc=<suffix> and cn=compat,dc=<suffix>,dc=<suffix>

- When the FortiGate performs an LDAP query using the memberOf attribute, it expects to receive
exactly one unique result. If the base DN covers the whole suffix, the FortiGate instead receives the same user twice, once from each sub-tree, and this duplicate result generates an authentication error.

Solution
The user should set the base DN (dn) in the LDAP server configuration to one specific sub-tree rather than to the suffix, so that the search returns only one entry per user.

The following configuration will make the FortiGate ensure successful LDAP authentication towards the FreeIPA server:

config user ldap
    edit <ldap>
        set cnid uid
        set dn "cn=accounts,dc=<suffix>,dc=<suffix>"
    next
end

Alternatively, point the base DN at the compat sub-tree instead:

config user ldap
    edit <ldap>
        set cnid uid
        set dn "cn=compat,dc=<suffix>,dc=<suffix>"
    next
end

Use one of the two sub-trees, not both, and not the bare dc=<suffix>,dc=<suffix> suffix.
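The following is an added illustration of why the base DN matters; it is not code from Fortinet or FreeIPA. It models a tiny in-memory directory in which the same user is visible under both the cn=accounts and cn=compat sub-trees, and a subtree-scoped search that behaves the way an LDAP server does. All DNs, user names and group values are constructed sample data for the example, and the "exactly one entry" rule in authenticate() is an assumption about how a client that looks up a user before binding as it treats ambiguous results.

```python
"""Offline model of the FreeIPA duplicate-result problem.

Added illustration (not Fortinet's or FreeIPA's code): a small in-memory
directory with one user exposed under both FreeIPA sub-trees, plus a
search routine scoped by base DN. All values are constructed sample data.
"""

# Constructed entries: 'alice' appears under both cn=accounts and cn=compat,
# which is what makes an unscoped search return two hits for one user.
DIRECTORY = [
    {"dn": "uid=alice,cn=users,cn=accounts,dc=example,dc=com",
     "uid": "alice",
     "memberOf": ["cn=vpn-users,cn=groups,cn=accounts,dc=example,dc=com"]},
    {"dn": "uid=alice,cn=users,cn=compat,dc=example,dc=com",
     "uid": "alice",
     "memberOf": ["cn=vpn-users,cn=groups,cn=accounts,dc=example,dc=com"]},
    {"dn": "uid=bob,cn=users,cn=accounts,dc=example,dc=com",
     "uid": "bob",
     "memberOf": []},
]


def normalize_dn(dn):
    """Split a DN into lower-cased RDN parts; LDAP DNs compare case-insensitively."""
    return [part.strip().lower() for part in dn.split(",")]


def under_base(entry_dn, base_dn):
    """True if entry_dn is at or below base_dn (subtree scope)."""
    entry, base = normalize_dn(entry_dn), normalize_dn(base_dn)
    return len(entry) >= len(base) and entry[-len(base):] == base


def search(base_dn, uid, group_dn=None):
    """Subtree search for (&(uid=<uid>)(memberOf=<group_dn>)) below base_dn."""
    hits = []
    for entry in DIRECTORY:
        if not under_base(entry["dn"], base_dn):
            continue
        if entry["uid"].lower() != uid.lower():
            continue
        if group_dn is not None and not any(
            normalize_dn(g) == normalize_dn(group_dn) for g in entry["memberOf"]
        ):
            continue
        hits.append(entry["dn"])
    return hits


def authenticate(base_dn, uid, group_dn):
    """Assumed client rule: exactly one matching entry is required before binding."""
    hits = search(base_dn, uid, group_dn)
    if len(hits) != 1:
        return (False, "expected 1 entry, got %d: %s" % (len(hits), hits))
    return (True, hits[0])


if __name__ == "__main__":
    group = "cn=vpn-users,cn=groups,cn=accounts,dc=example,dc=com"
    # Base DN at the suffix spans both sub-trees: two identical users, failure.
    print(authenticate("dc=example,dc=com", "alice", group))
    # Base DN pinned to one sub-tree: a single result, success.
    print(authenticate("cn=accounts,dc=example,dc=com", "alice", group))
    print(authenticate("cn=compat,dc=example,dc=com", "alice", group))
```

Running the block shows the suffix-level base DN returning two entries for the same uid and the sub-tree base DN returning one. On a real FreeIPA server the same comparison can be made with an LDAP client such as ldapsearch, running the same user filter once with the suffix as the base DN and once with cn=accounts,<suffix>, before changing the FortiGate configuration.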
