Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
lradmin
New Contributor

Fortigate LDAP Authentication To FreeIPA with Group Filtering

Is there a way to restrict LDAP authentication to FreeIPA based on ldap user group membership? Currently configured, as suggested in forum, with

 

set cnid uid
set dn "cn=accounts,dc=<suffix>,dc=<suffix>"

 

However, this setup allows ANY LDAP user to be successfully authenticated. I can't figure out a way to restrict it to only a specific LDAP group in FreeIPA. I suspect it has to do with setting one of the config options group-member-check, group-search-base and group-filter.

 

Any help will be greatly appreciated!

1 REPLY
JackTrades
New Contributor

Hi,

after defining the server you have to import users and groups for the usage in policies.

 

Technical Tip: How to configure LDAP server - Fortinet Community

 

This should fulfill your use cases, because only users/groups listed in your policy can access resources.
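
Added example, not part of the original thread or of Fortinet's own material: a FortiOS CLI configuration that ties the reply's advice to the question by matching one FreeIPA group inside a FortiGate user group. The object names (FREEIPA_LDAP, ipa-fw-users), the host name, the example.com suffix and the fw-users group DN are assumptions; bind credentials are left out and must be set as your directory requires.

```fortios
# Constructed example: all names, hosts and DNs below are placeholders.
config user ldap
    edit "FREEIPA_LDAP"
        set server "ipa.example.com"
        set cnid "uid"
        set dn "cn=accounts,dc=example,dc=com"
        # Read group membership from the user entry; FreeIPA fills
        # the memberOf attribute with the DNs of the user's groups.
        set group-member-check user-attr
        set member-attr "memberOf"
    next
end

config user group
    edit "ipa-fw-users"
        set member "FREEIPA_LDAP"
        # Without a match entry, every user who can bind to the server
        # is treated as a member of this FortiGate group.
        config match
            edit 1
                set server-name "FREEIPA_LDAP"
                set group-name "cn=fw-users,cn=groups,cn=accounts,dc=example,dc=com"
            next
        end
    next
end
```

Reference the user group (here ipa-fw-users), not the LDAP server object, wherever authentication is enforced; a directory user outside the matched FreeIPA group then fails the group check even though the password is valid.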
