Is there a way to restrict LDAP authentication to FreeIPA based on ldap user group membership? Currently configured, as suggested in forum, with
set cnid uid
set dn "cn=accounts,dc=<suffix>,dc=<suffix>
However this setup allows ANY ldap user to be successfully authenticated. I can't figure out a way to restrict it to only a specific ldap group in FreeIPA. Suspecting it has to do with one of setting either of the config option group-member-check, group-search-base and group-filter.
Any help will be greatly appreciated!
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hi,
after defining the server you have to import users and groups for the usage in policies.
Technical Tip: How to configure LDAP server - Fortinet Community
This should fulfill your use cases, because only users/groups listed in your policy can access ressources.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1733 | |
1106 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.