Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
New Contributor

LDAP and Groups

We' re currently working with a Fortigate 80cm firewall on a windows 2008 domain. We' d like to use LDAP integration for SSLVPN access for end users. The LDAP " authentication" is setup and confirmed working. The fortigate documentation I have found instructs to import LDAP users into the fortigate and then put them into a group on the fortigate and set the group for VPN access. However, ideally we want to be able to add/remove users from a group in AD directly to grant/remove VPN permissions. Is there a way to import an AD group into the fortigate and just use AD to manage the group members? If not, is there an alternate method?
Valued Contributor III

Welcome to the forums. This post is a bit dated, but may still give some insight.

Bob - self proclaimed posting junkie!
See my Fortigate related scripts at:

Bob - self proclaimed posting junkie!See my Fortigate related scripts at:
Contributor II

I can add to that that when I set up LDAP for users, then I don' t import anything, FG checks against AD and user management takes place in AD, not in FG. About importing users to FG: maybe that is something FSSO-related? I am not sure.
Check out our Community Chatter Blog! Click here to get involved
Top Kudoed Authors