Help
FortiMail
FortiMail provides advanced, multi-layer protection against the full spectrum of email-borne threats
ahsanali_FTNT
Staff
Staff

Created on ‎08-11-2016 08:18 AM Edited on ‎12-18-2025 04:42 AM By Staff

Article Id 191858

Technical Tip: Setup a LDAP profile on FortiMail for Windows Active Directory Group Query for Group based Recipient Policy matching

Description


This article describes the changes required to configure FortiMail LDAP profile to support Group Query against a Windows Active Directory LDAP server.


Scope


This has been tested against Windows Server 2008 R2, and Windows Server 2012 R2.


Solution


Section A - Configure the LDAP Profile:

  1. Refer to Configuring LDAP profiles  for complete steps on how to setup the Default Bind Options and User Query Options for Windows Active Directory.
  2. Configure the Group Query Options
 
  • LDAP_group.JPGGroup membership attribute - For Windows Active Directory this is memberOf.

     

  • Select Use group name with base DN as group DN
  • Group base DN - Enter the DN of the Group Container in your Active Directory. In this example, the Groups are all configured in the User container.
  • Group name attribute: For Windows Active Directory, this is CN. Eensure the check mark beside Group Query Options is selected.
  • Save the configuration. Scroll down to the bottom of the page and select Apply.
  • Test the configuration. select [Test LDAP Query...].
 
Labels:
5623
0 Kudos
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.