I have a customer requirement to integrate with Apple Mac Open Directory. From what I can see, Fortigate FSAE/FSSO will only work with AD or Novell; however, I understand Open Directory is LDAP based, so I should be able to do something similar with LDAP groups. Does anyone know if this is possible, or have you tried it? Any help would be great.
This is a far more complex issue than just LDAP. You have to have logon/logoff trigger events, collect them, correlate them from different sources ... and you perhaps need some keepalive mechanism to check if the user is still there. Then monitor/filter which groups to look at, refresh group membership ... and, of course, the FSSO protocol connection to Fortigate ;)
I have (almost) all of that. I have quite a nice UNIX solution; perhaps it can run on Mac too. If you are still interested, drop me an email at astibal [at] netlancers.cz.
Despite the fact this is light-grade advertisement, it is motivated to help you.