Description
This article describes how to configure LDAP authentication for extensions so that users can log in with it to the User Portal and the FortiFone softclient.
Scope
Version: 6.0.x and 6.4.x
Solution
First, follow the link below to configure the LDAP profile and run a successful test query:
There are two options to configure user authentication:
Option 1:
If the LDAP profile is configured with 'Try Common Name with Base DN as Bind DN', each extension is manually mapped to a specific username.
Follow the below steps:
1) Phone System -> LDAP -> LDAP Profile -> edit the LDAP profile.
2) Under User Authentication Options, select 'Try Common Name with Base DN as Bind DN'.
3) Then configure 'Common name ID' with the value 'cn' to map the username, or with the attribute that needs to be mapped from the LDAP server.
4) Then go to Extension -> Extension -> IP Extension -> edit the extension.
5) Under User Setting, in the Web Access tab, set Authentication type to LDAP and select the configured LDAP profile.
6) Configure 'Authentication ID:' with the username (the 'cn' value) of the user who is to be mapped to this extension or authenticate it with their account. In this example the username is 'user1'.
7) Once the above steps are completed, open the User Portal, type the extension number in the 'Username' field and, in 'Password', type the password of the username configured on this extension.
Option 2:
If the LDAP profile is configured with 'Search User and Try Bind DN', the LDAP server is already configured with the extension number for each user, held in an attribute of the user entry, so there is no need to configure each extension with an Authentication ID.
Follow the below steps:
1) Phone System -> LDAP -> LDAP Profile -> edit the LDAP profile.
2) Under User Authentication Options, select 'Search User and Try Bind DN'.
3) In LDAP user query, the default scheme query for AD is: (&(objectClass=user)(telephonenumber=$u))
This means that in AD the "telephonenumber" attribute of each user holds the extension number.
4) Leave the rest of the options at their defaults.
5) Then go to Extension -> Extension -> IP Extension -> edit the extension.
6) Under User Setting, in the Web Access tab, set Authentication type to LDAP and select the configured LDAP profile.
7) Leave 'Authentication ID:' empty.
8) Once the above steps are completed, open the User Portal, type the extension number in the 'Username' field and, in 'Password', type the password of the LDAP user that this extension belongs to.
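A pre-check for Option 2, added here as an example (it is not Fortinet code): it builds the query from the default template with $u replaced by the extension number, and audits a directory export for extensions that do not resolve to exactly one user entry. The entries, DNs and function names are constructed; exact string matching on telephoneNumber and the one-user-per-extension requirement are assumptions of the example.

```python
from collections import defaultdict

# Default AD query quoted in Option 2; $u stands for the extension number.
QUERY_TEMPLATE = "(&(objectClass=user)(telephonenumber=$u))"

# RFC 4515: characters that must be escaped inside a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def build_filter(extension, template=QUERY_TEMPLATE):
    """Substitute $u with the RFC 4515-escaped extension number."""
    escaped = "".join(_ESCAPES.get(ch, ch) for ch in extension)
    return template.replace("$u", escaped)


def audit_extensions(entries, extensions):
    """Return {extension: [DNs]} for extensions not matching exactly one user."""
    by_number = defaultdict(list)
    for entry in entries:
        # Mirror the (objectClass=user) clause of the default query.
        if "user" not in entry.get("objectClass", []):
            continue
        for number in entry.get("telephoneNumber", []):
            by_number[number].append(entry["dn"])
    return {ext: by_number.get(ext, [])
            for ext in extensions
            if len(by_number.get(ext, [])) != 1}


# Constructed sample export (hypothetical DNs, not from the article).
SAMPLE_ENTRIES = [
    {"dn": "CN=user1,OU=Staff,DC=example,DC=com",
     "objectClass": ["top", "person", "user"], "telephoneNumber": ["1001"]},
    {"dn": "CN=user2,OU=Staff,DC=example,DC=com",
     "objectClass": ["top", "person", "user"], "telephoneNumber": ["1002"]},
    {"dn": "CN=user3,OU=Staff,DC=example,DC=com",
     "objectClass": ["top", "person", "user"], "telephoneNumber": ["1002"]},
    {"dn": "CN=frontdesk,OU=Contacts,DC=example,DC=com",
     "objectClass": ["top", "contact"], "telephoneNumber": ["1003"]},
]

if __name__ == "__main__":
    print(build_filter("1001"))
    for ext, dns in audit_extensions(SAMPLE_ENTRIES, ["1001", "1002", "1003"]).items():
        print(f"extension {ext}: {len(dns)} matching user entries {dns}")
```

In the sample, extension 1002 is shared by two users and 1003 exists only on a contact object, so both are reported and should be corrected in the directory before extensions are pointed at the profile.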