Description
The default Active Directory LDAP query on a FortiMail LDAP profile only supports full email addresses as IDs. This article will list the steps to modify the query to support sAMAccountName.
Note that this only works for administrative access. Webmail access will not work with sAMAccountName. The FortiMail uses the username and domain portion of an email address to match a user to their mailbox. Therefore, a login to the Webmail with a username only will not allow the FortiMail to retrieve a mailbox.
Scope
This has been tested against Windows Server 2008 R2 and Windows Server 2012 R2.
Solution
A) Configure the LDAP Profile
Configure the Base DN, Bind DN, and Bind password. The related article may provide assistance with this configuration.
Select Active Directory for the User Query Options.
Modify the User query to include sAMAccountName.
(&(|(objectClass=user)(objectClass=group)(objectClass=publicFolder))(|(proxyAddresses=smtp:$m)(mail=$m)(sAMAccountName=$u)))
Ensure User Authentication Options is selected, and set to 'Search user and try bind DN'.
Save the LDAP profile. Scroll down to the bottom of the page, and click OK.
B) Configure the Administrator account
Go to System > Administrator > Administrator tab. Click on New...
Configure the following fields:
a. Administrator: Enter the username exactly as it is in Active Directory.
b. Access profile: Assign an access profile which will control the privilege levels of different sections of the administrative GUI.
c. Authentication type: Set authentication type to LDAP and select the profile created in Section A.
d. Click Create to save.
C) Test the configuration
Log out of the current session, and log in with the newly created Administrator account from Section B.
If the configuration is correct, the login should be successful.
D) Troubleshooting Notes
1) Ensure the LDAP profile Default Bind Options are entered correctly. For assistance with this, refer to the related KB article.
2) Ensure the LDAP query format is preserved after modification. Verify that each opening parenthesis is closed.
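The check in note 2 can be automated before the query is pasted into the profile. The following is an added example, not Fortinet code: it parses the modified User query from Section A, reports where a parenthesis is missing or stray, and fills in $u and $m with RFC 4515 escaping for a manual test search. The function names are hypothetical, and it assumes $u stands for the username and $m for the email address, as the query above uses them.

```python
import re

# Modified User query from Section A ($m = email address, $u = username: assumed meanings).
FORTIMAIL_QUERY = ("(&(|(objectClass=user)(objectClass=group)(objectClass=publicFolder))"
                   "(|(proxyAddresses=smtp:$m)(mail=$m)(sAMAccountName=$u)))")

def _skip(f, i):  # tolerate whitespace between sub-filters
    while i < len(f) and f[i].isspace():
        i += 1
    return i

def parse(f, i=0):
    """Parse one filter starting at f[i]; return (tree, next_index) or raise ValueError."""
    if i >= len(f) or f[i] != "(":
        raise ValueError(f"expected '(' at position {i}")
    i += 1
    if i < len(f) and f[i] in "&|!":
        op, children, i = f[i], [], _skip(f, i + 1)
        while i < len(f) and f[i] == "(":
            child, i = parse(f, i)
            children.append(child)
            i = _skip(f, i)
        if not children or (op == "!" and len(children) != 1):
            raise ValueError(f"operator '{op}' has wrong operand count near position {i}")
        node = (op, children)
    else:
        end = i
        while end < len(f) and f[end] not in "()":
            end += 1
        attr, sep, value = f[i:end].partition("=")
        if not sep or not attr.strip():
            raise ValueError(f"expected attr=value at position {i}")
        node, i = (attr, value), end
    if i >= len(f) or f[i] != ")":
        raise ValueError(f"missing ')' or stray character at position {i}")
    return node, i + 1

def validate(f):
    """Return the parsed tree if f is exactly one well-formed filter."""
    f = f.strip()
    tree, end = parse(f)
    if end != len(f):
        raise ValueError(f"trailing text at position {end}")
    return tree

def expand(query, user, mail):
    """Fill $u/$m for a manual test search, escaping RFC 4515 special characters."""
    esc = lambda v: "".join(f"\\{ord(c):02x}" if c in "\\*()\0" else c for c in v)
    vals = {"u": esc(user), "m": esc(mail)}
    return re.sub(r"\$([um])", lambda m: vals[m.group(1)], query)
```

validate() raises ValueError with the character position of the first structural problem, and the string returned by expand() can be used as the filter in any LDAP search tool run against the same Base DN.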