loic
New Contributor III

Manage different source ip for ldap

I've a specific problem and I don't know how to solve it. I want to use an LDAP server on multiple FortiGates managed with a FortiManager (v5.0.7). I use a TCL script to get the IP address of the internal interface and use it as source-ip for my LDAP (example here: http://www.fortihelp.com/2013/03/tcl-scripting-with-fortimanager-40.html). But as LDAP is defined in the policy package, each time I push the policy package config, this parameter is erased. Do you have any ideas how to solve this?
Loïc
1 REPLY
loic
New Contributor III

Personal response for those in the same situation:

Using a TCL script with FortiManager 5.2, you can define policy objects and dynamic mappings.

Here's an example for LDAP:

#!
# exec_ondb applies the CLI block to the policy package database at the given path.
puts [exec_ondb "/adom/root/pkg/policyPackageName" "
config user ldap
    edit \"AD-LDAP\"
        set server \"10.1.1.1\"
        set cnid \"sAMAccountName\"
        set dn \"dc=domain,dc=corp\"
        set type regular
        set username \"cn=admin-fgt,ou=admi,dc=domain,dc=corp\"
        set password ENC ***
        config dynamic_mapping
            edit \"Fortigate01\"-\"root\"
                set server \"10.1.1.1\"
                set cnid \"sAMAccountName\"
                set dn \"dc=domain,dc=corp\"
                set type regular
                set username \"cn=admin-fgt,ou=admi,dc=domain,dc=corp\"
                set password ENC ***
                set source-ip 10.5.1.1
            next
        end
    next
end
"]

I'm still looking for a loop for all my FortiGates.

Loïc
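One way to write the loop mentioned in the reply above, as an added example that is not part of the original post or of Fortinet's documentation. It assumes the `exec_ondb` call and CLI layout shown in the post; the device names, VDOMs and source IPs are constructed sample values, `ENC ***` is the post's redacted placeholder, and the helper procs are hypothetical. Names and addresses are validated before being interpolated into the CLI text so that a malformed inventory entry cannot inject extra configuration lines.

```tcl
#!
# Constructed inventory: {device vdom source-ip}, one entry per FortiGate.
set devices {
    {Fortigate01 root 10.5.1.1}
    {Fortigate02 root 10.5.2.1}
    {Fortigate03 root 10.5.3.1}
}
# Settings shared by the object and every mapping (values from the post).
set common {
    {set server "10.1.1.1"}
    {set cnid "sAMAccountName"}
    {set dn "dc=domain,dc=corp"}
    {set type regular}
    {set username "cn=admin-fgt,ou=admi,dc=domain,dc=corp"}
    {set password ENC ***}
}
# Reject anything that could break out of a quoted CLI field.
proc check_name {s} {
    if {![regexp {^[A-Za-z0-9_.-]+$} $s]} { error "bad name: $s" }
    return $s
}
proc check_ipv4 {s} {
    if {![regexp {^([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})$} $s -> a b c d]} {
        error "bad IPv4 address: $s"
    }
    foreach o [list $a $b $c $d] {
        if {[scan $o %d] > 255} { error "bad IPv4 address: $s" }
    }
    return $s
}
# Build the LDAP object with one dynamic_mapping entry per device.
proc build_ldap_config {name common devices} {
    set out [list "config user ldap" "edit \"[check_name $name]\""]
    foreach line $common { lappend out $line }
    lappend out "config dynamic_mapping"
    foreach dev $devices {
        foreach {fgt vdom ip} $dev break
        lappend out "edit \"[check_name $fgt]\"-\"[check_name $vdom]\""
        foreach line $common { lappend out $line }
        lappend out "set source-ip [check_ipv4 $ip]" "next"
    }
    lappend out "end" "next" "end"
    return [join $out "\n"]
}
set cfg [build_ldap_config AD-LDAP $common $devices]
# exec_ondb exists only inside FortiManager; elsewhere print the text for review.
if {[llength [info commands exec_ondb]]} {
    puts [exec_ondb "/adom/root/pkg/policyPackageName" $cfg]
} else { puts $cfg }
```

Run under a plain `tclsh`, the script only prints the generated configuration, which allows it to be reviewed before it is pushed from FortiManager.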