FortiGate
Somashekara_Hanumant
Staff & Editor
Article Id 369066
Description This article explains the warning message 'Another wildcard administrator with the same remote group exists', which appears when a second wildcard administrator account is created for an LDAP remote group that is already mapped to an existing wildcard administrator.
Scope FortiGate, LDAP.
Solution

Configure the LDAP server as shown below. The bind account in this example is the domain Administrator and the connection is plain LDAP; in production, use a dedicated least-privilege bind account and enable LDAPS (set secure ldaps, set port 636) so that the bind credentials and group lookups are not sent in clear text.

config user ldap
    edit "ldap"
        set server "10.108.3.15"
        set cnid "sAMAccountName"
        set dn "dc=dxb-nse8,dc=lab"
        set type regular
        set username "cn=administrator,cn=users,dc=dxb-nse8,dc=lab"
        set password *
    next
end

 

[Screenshot: ldap_gui.JPG]

Configure two user groups, each matching exactly one LDAP group:

[Screenshot: user_group.JPG]

[Screenshot: nse8_grp.JPG]

config user group
    edit "ldap_userss"
        set member "ldap"
            config match
                edit 1
                    set server-name "ldap"
                    set group-name "CN=Salesgrp,OU=Sales,DC=dxb-nse8,DC=lab"
                next
            end
    next
    edit "nse8grp"
        set member "ldap"
            config match
                edit 1
                    set server-name "ldap"
                    set group-name "CN=nse8grp,CN=Users,DC=dxb-nse8,DC=lab"
                next
            end
    next
end

 

Configure a wildcard admin account with the super_admin profile, mapped to the user group ldap_userss. Because a wildcard administrator is matched on LDAP group membership rather than on an individual account, every user in CN=Salesgrp,OU=Sales,DC=dxb-nse8,DC=lab will be able to log in with full administrative rights, so keep membership of that LDAP group tightly controlled.

[Screenshot: Wild_card.JPG]

Now try to configure a second wildcard admin account for the same user group (ldap_userss) with a different admin profile. The GUI shows the warning 'Another wildcard administrator with the same remote group exists'. At login, FortiGate selects the wildcard administrator whose remote group matches the LDAP group the user belongs to, and the admin profile of that account determines the user's privileges; two wildcard administrators bound to the same remote group would make it ambiguous which profile applies, so the warning flags the conflict.

[Screenshot: new_wildcard.JPG]

Then configure another wildcard admin account with a different user group (nse8grp) and a different admin profile (prof_admin). This is accepted without the warning, because each remote group now maps to exactly one wildcard administrator and therefore to exactly one admin profile.

[Screenshot: different-Grp.JPG]

The resulting wildcard admin configuration as seen from the CLI:

config system admin
    edit "test.admind"
        set remote-auth enable
        set accprofile "super_admin"
        set vdom "root"
        set wildcard enable
        set remote-group "ldap_userss"
    next
    edit "testadd"
        set remote-auth enable
        set accprofile "prof_admin"
        set vdom "root"
        set wildcard enable
        set remote-group "nse8grp"
    next
end
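To confirm which LDAP group a given user resolves to, and therefore which wildcard administrator and admin profile will apply at login, the following CLI session can be used. It is an added example, not part of the original article: the user name testuser and its password are placeholders, while the server name "ldap" and the group names are the ones configured above.

```text
# Test the LDAP bind for a user and list the groups the user is a member of.
# Syntax: diagnose test authserver ldap <server-name> <username> <password>
# (testuser / <password> are placeholders, "ldap" is the server defined above)
diagnose test authserver ldap ldap testuser <password>

# Watch the authentication daemon while testuser logs in to the GUI or SSH,
# to see which remote group and which wildcard admin account are matched.
diagnose debug application fnbamd -1
diagnose debug enable
# ... log in as testuser, observe the output, then stop debugging:
diagnose debug disable
diagnose debug reset

# Review the final mapping: every remote-group should appear under exactly
# one wildcard administrator, so the admin profile for each group is unambiguous.
show system admin
```

The group list returned by diagnose test authserver is the one FortiGate compares against the remote-group of each wildcard administrator. A user who is a member of both Salesgrp and nse8grp would match both wildcard accounts, so keep the LDAP groups used for administrative access disjoint; in particular, do not let the group mapped to super_admin overlap with the groups mapped to more restricted profiles.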