
Fortigate LDAP Authentication To FreeIPA with Group Filtering

Is there a way to restrict LDAP authentication to FreeIPA based on LDAP user group membership? Currently configured, as suggested in the forum, with


set cnid uid
set dn "cn=accounts,dc=<suffix>,dc=<suffix>"


However, this setup allows ANY LDAP user to be successfully authenticated. I can't figure out a way to restrict it to only a specific LDAP group in FreeIPA. I suspect it has to do with setting one of the config options group-member-check, group-search-base and group-filter.


Any help will be greatly appreciated!



After defining the server, you have to import users and groups for use in policies.


Technical Tip: How to configure LDAP server - Fortinet Community


This should fulfill your use cases, because only users/groups listed in your policy can access resources.
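
The group restriction the reply describes, written out as FortiOS CLI; this is an added example, not part of the original posts. The object names `freeipa` and `ipa-fw-users`, the `<freeipa-host>`, `<ipa-group>` and `<policy-id>` placeholders and the group DN layout are assumptions (FreeIPA keeps groups under cn=groups,cn=accounts and lists a user's groups in the memberOf attribute of the user entry).

```fortios
# Constructed example: object names, host and group DN are placeholders.
# Bind settings (type, username, password) are omitted; keep the ones in use.
config user ldap
    edit "freeipa"
        set server "<freeipa-host>"
        set cnid "uid"
        set dn "cn=accounts,dc=<suffix>,dc=<suffix>"
        # FreeIPA lists a user's groups in memberOf on the user entry,
        # so membership is read from the user attribute.
        set group-member-check user-attr
        set member-attr "memberOf"
    next
end

config user group
    edit "ipa-fw-users"
        set member "freeipa"
        # Without a match entry, every user who can authenticate against
        # "freeipa" is treated as a member of this FortiGate group.
        config match
            edit 1
                set server-name "freeipa"
                set group-name "cn=<ipa-group>,cn=groups,cn=accounts,dc=<suffix>,dc=<suffix>"
            next
        end
    next
end

# Reference the group, not the LDAP server object, in the policy.
config firewall policy
    edit <policy-id>
        set groups "ipa-fw-users"
    next
end
```

`diagnose test authserver ldap freeipa <user> <password>` reports the group memberships the FortiGate reads for a user, which confirms that the DN in `group-name` matches what FreeIPA returns.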

