Description
This article describes how to allow users to log in to personal quarantine with their Active Directory credentials using LDAP.
Scope
FortiMail.
Solution
- Create an LDAP profile in FortiMail:
- Go to Profile -> LDAP -> New.
- Set profile name.
- Set server IP and port number.
- Expand the 'User Query Options'.
- Set Schema: Active Directory.
- Set the Base DN (In this example, the domain is 'tri.ton').
- Set the Bind DN and password. This is a service account in the AD that can bind and get user information.
- Under 'User Authentication Options' select 'Search user and try bind DN'.
- Select the 'Create' button.
-
Edit the newly created LDAP profile and test.
- Open the profile for editing.
- Select [Test LDAP Query].
- From the drop-down menu 'Select query type' and choose 'Authentication'.
- Type the test user’s email address and password.
- Select test.
- If everything is ok, the result should be 'Bind successful'.
In case of a problem with the user credentials, the response will be 'Failed to bind'. In case of incorrect LDAP server settings (IP/port), there will be an error 'Connection failure'.
- Apply the LDAP profile in the recipient policy.
- Go to Policy -> Policies -> New (or Edit).
- Expand 'Authentication and Access'.
- Select 'Authentication type' LDAP.
- Select the LDAP profile.
- Enable the access options that are required.
- Select 'Create'/OK.
When a WebMail user logs in, only the authentication profile from the first policy that matches the Recipient Pattern is applied.
If multiple Recipient Policies have different Recipient Patterns, authentication options must be configured in all of them.
An incorrect policy order may cause WebMail or quarantine access issues. See Technical Tip: Webmail access issue
- Once spam messages are quarantined, users should be able to log in to http://<FortiMail_address>/mail/ and view the quarantine mailboxes.
