FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
Kraven2323
Staff
Article Id 348075
Description
This article describes the issue where unexpected LDAP users who were not configured as LDAP admins can log in to the FortiGate GUI.
Scope
FortiGate.
Solution
  1. In the following screenshot, only two admins are configured: the local admin 'admin' and the remote LDAP admin 'Kraken'.

image.png

  2. On further observation, the type of the username 'kraken' is set to 'wildcard'. This is due to the following setting:

image.png

  3. This means that any user in the same LDAP group as the user 'kraken' will be able to log in. In the example below, user 'kraken2', which is in the same group as 'kraken', is logged in to the GUI.

image.png

  4. If this is not the desired behavior, remove the 'wildcard' setting on the admin user.
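As an added example that is not part of the original article, the following FortiOS CLI fragment shows how to audit the admin accounts for the wildcard setting, the configuration as the article describes it, and the corrected form. The admin name 'kraken' comes from the article; the access profile 'super_admin', the VDOM 'root' and the LDAP group 'ldap_admins' are assumed values.

```text
# Added example (not from the article): FortiOS CLI entered over SSH or the
# console. Names other than 'admin' and 'kraken' are assumptions.

# 1. Audit: list every admin account and look for 'set wildcard enable'.
#    Any LDAP user accepted by the remote-auth server (and, where set, any
#    member of remote-group) can log in through such an account.
show system admin

# 2. Configuration as found in the article: 'kraken' is a wildcard LDAP
#    admin, so 'kraken2' and other group members log in with the same
#    access profile. ("super_admin", "root" and "ldap_admins" are assumed.)
config system admin
    edit "kraken"
        set remote-auth enable
        set accprofile "super_admin"
        set vdom "root"
        set wildcard enable
        set remote-group "ldap_admins"
    next
end

# 3. Corrected configuration: disable wildcard so only the LDAP account whose
#    username exactly matches 'kraken' can authenticate as this admin.
config system admin
    edit "kraken"
        set wildcard disable
    next
end

# 4. Verify the change took effect.
show system admin kraken
```

After wildcard is disabled, each remaining LDAP administrator needs an admin entry of their own whose name matches their LDAP username; they still authenticate against the LDAP server, but membership of the group alone no longer grants GUI access.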

More information on the wildcard setting is in the referenced document below:
Configuring wildcard admin accounts