Description |
This article describes which LDAP username format must be used when LDAP authentication is integrated with FortiGate, for example for LDAP user authentication to log in to FortiGate or for SSL VPN authentication. |
Scope | All FortiGate firmware versions. |
Solution |
In the Active Directory configuration used in this example, the user's CN value is 'JohnRice' and the sAMAccountName is 'John'.
Case 1: The CN attribute is used as the 'Common Name Identifier'.
When the user authenticates, the username must be the value shown in the Display Name section of the user's Active Directory properties.
For example: Username: JohnRice (see the screenshot below).
The packet capture snippets below show the working and non-working scenario for each case.
If Common Name Identifier: CN is used in the FortiGate's LDAP configuration:
- Username 'JohnRice' will show a successful LDAP binding response.
- Username 'John' will show an unsuccessful LDAP binding response.
Working scenario:
Search request:
Search response:
Bind request and response after the successful search request:
Non-working scenario:
Search request:
Search response:
Case 2: The sAMAccountName attribute is used as the 'Common Name Identifier'.
When the user authenticates, the username must be the value shown in the 'User logon name' section of the user's Active Directory properties.
For example: Username: John (see the screenshot below).
If Common Name Identifier: sAMAccountName is used in the FortiGate's LDAP configuration:
- Username 'John' will show a successful LDAP binding response.
- Username 'JohnRice' will show an unsuccessful LDAP binding response.
Working scenario:
Non-working scenario:
Search request:
Search response:
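The FortiGate CLI configuration for both cases, together with the commands used to test each username and to take the LDAP packet capture, as an added example that is not part of the original article. The server name AD-LDAP, the server IP 10.0.0.10, the base DN dc=example,dc=local, the regular-bind account and the password placeholders are assumed values. The attribute name given to cnid is matched case-insensitively by the LDAP server, so 'sAMAccountName' and 'SAMAccountName' refer to the same attribute. A regular bind is assumed because the search-then-bind exchange shown in the captures above requires an account that can search the directory.

```text
# Added example, not from the original article. Names, IP, DN and passwords are assumed values.
# Case 1: CN is the Common Name Identifier. Users log in with the Display Name value, e.g. JohnRice.
config user ldap
    edit "AD-LDAP"
        set server "10.0.0.10"
        set cnid "cn"
        set dn "dc=example,dc=local"
        set type regular
        set username "cn=svc-fortigate,cn=Users,dc=example,dc=local"
        set password <bind-account-password>
    next
end

# Case 2: only cnid changes. Users now log in with the User logon name value, e.g. John.
config user ldap
    edit "AD-LDAP"
        set cnid "sAMAccountName"
    next
end

# Test each username directly from the CLI before testing admin login or SSL VPN.
# With cnid "cn" only the first command succeeds; with cnid "sAMAccountName" only the second.
diagnose test authserver ldap AD-LDAP JohnRice <user-password>
diagnose test authserver ldap AD-LDAP John <user-password>

# Show the search filter the FortiGate builds from cnid and the username, and the bind result.
diagnose debug application fnbamd -1
diagnose debug enable

# Capture the search/bind exchange shown above (plaintext LDAP on port 389).
diagnose sniffer packet any 'host 10.0.0.10 and port 389' 4

# Recommended once troubleshooting is done: protect the bind account and user passwords in transit.
config user ldap
    edit "AD-LDAP"
        set secure ldaps
        set port 636
    next
end
```

Only the cnid value differs between the two cases, so when it is changed the username that users type must change with it; the diagnose test authserver command shows which one the FortiGate accepts without involving a VPN client. The bind account under set username only needs read access to the users' container, so use a dedicated low-privilege account rather than a domain administrator. The packet capture is readable only over plaintext LDAP; once LDAPS is enabled the sniffer shows TLS records and the fnbamd debug output is the place to see the search filter and bind result.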
|