| Description |
This article describes what format of LDAP username should be used when LDAP authentication is integrated in FortiGate. For example: LDAP user authentication to login to FortiGate or for SSL-VPN authentication. |
| Scope | All FortiGate firmware version. |
| Solution |
In this active directory configuration, CN value of a user is 'JohnRice' and SAMAccountName is 'John'.
Case1: When cn value is used under 'Common Name Identifier'.
When user authenticates, it should use username value present in Display Name section in Active Directory.
For example: Username: JohnRice (see in below screenshot).
Few packet capture snippets which shows working and non-working scenario for each case.
If Common Name Identifier: CN is used in the FortiGates's LDAP configuration: - Username: 'JohnRice' will show success LDAP binding response. - Username: 'John' will show unsuccessful LDAP binding response.
Working Scenario.
Search request:
Search response:
Bind request and response after successful search request.
Non-Working scenario.
Search request:
Search response:
Case2: When SAMAccountName is used under Common Name Identifier.
When user authenticates, it should use username value present in 'User logon name' section in Active Directory.
For example: Username: John (see in below screenshot).
If Common Name Identifier: SAMAccountName is used in the FortiGates's LDAP configuration: - Username: 'John' will show successful LDAP binding response. - Username: 'JohnRice' will show unsuccessful LDAP binding response.
Working Scenario.
Non-working.
Search request:
Search response:
 |
Unlock Exclusive Benefits
Join Our Community Today!
Join our community and post in the forum to earn your exclusive Spring Badge! Become a member today!
LOGIN/REGISTER
CONTINUE AS A GUEST
- Support Forum
- Knowledge Base
- Customer Service
- Internal Article Nominations
- FortiGate
- FortiClient
- FortiADC
- FortiAIOps
- FortiAnalyzer
- FortiAP
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDLP
- FortiDeceptor
- FortiDevSec
- FortiDirector
- FortiEdgeCloud
- FortiEDR
- FortiExtender
- FortiGate Cloud
- FortiGuard
- FortiHypervisor
- FortiGuest
- FortiInsight
- FortiIsolator
- FortiMail
- FortiMonitor
- FortiManager
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPhish
- FortiPortal
- FortiPresence
- FortiSRA
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiScan
- FortiSandbox
- FortiSASE
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiWAN
- FortiToken
- FortiVoice
- FortiWeb
- FortiAppSec Cloud
- RMA Information and Announcements
- Lacework
- Wireless Controller
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
- Fortinet Community
- Knowledge Base
- FortiGate
- Technical Tip: Username format for LDAP authentica...
Options
- Subscribe to RSS Feed
- Mark as New
- Mark as Read
- Bookmark
- Subscribe
- Printer Friendly Page
- Report Inappropriate Content
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2025 Fortinet, Inc. All Rights Reserved.