Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Alpha7
New Contributor III

Created on ‎03-23-2017 05:31 AM

remote_wildcard admin account with LDAP?

Has anyone integrated LDAP with Fortimail for admin login?

10166
0 Kudos
2 Solutions
Alpha7
New Contributor III
In response to neonbit

Created on ‎03-28-2017 01:56 AM

Fortinet support has asked to use the following LDAP query, but it is still not working.

query: (&(objectCategory=person)(objectClass=user)(sAMAccountName=$u))

View solution in original post

3059
0 Kudos
Alpha7
New Contributor III
In response to neonbit

Created on ‎04-03-2017 01:08 AM

Yes, it works fine. I was trying to authenticate for a specific user group. so, LDAP query has to be

(&(objectCategory=person)(objectClass=user)(sAMAccountName=$u)(memeberOf= specific usergroup dn))

View solution in original post

3059
0 Kudos
5 REPLIES 5
neonbit
Valued Contributor

Created on ‎03-25-2017 06:38 AM

I've managed to get it to work with using the administrators email address as the username, but can't figure out howto get it to work with usernames only.

 

To get it to work with usernames you just add an LDAP server and select 'Active Directory' for the schema (under User Query Options).

 

Anyone got any ideas on what needs to be edited to use usernames for the login? I have a feeling it's got something to do with the schema but my LDAP skills are lacking :(

3028
0 Kudos
Alpha7
New Contributor III
In response to neonbit

Created on ‎03-28-2017 01:56 AM

Fortinet support has asked to use the following LDAP query, but it is still not working.

query: (&(objectCategory=person)(objectClass=user)(sAMAccountName=$u))

3060
0 Kudos
neonbit
Valued Contributor
In response to Alpha7

Created on ‎03-30-2017 04:48 AM

Hi Alpha, thanks for that I just tested the query and it's working for me.

 

To confirm the bind is working edit your LDAP profile (Profile > LDAP) and goto User Query Options. Click the test button and enter an email + password. If it's failing here then I'd recommend checking your LDAP settings.

 

If it works here then it's probably something in the administrator section.

 

Does your test work in the LDAP profile?

3028
0 Kudos
Alpha7
New Contributor III
In response to neonbit

Created on ‎04-03-2017 01:08 AM

Yes, it works fine. I was trying to authenticate for a specific user group. so, LDAP query has to be

(&(objectCategory=person)(objectClass=user)(sAMAccountName=$u)(memeberOf= specific usergroup dn))

3060
0 Kudos
Mindsvirge
New Contributor
In response to Alpha7

Created on ‎01-16-2021 02:57 PM

I know it's an old tread but I just wanted to point out the typo above memeberOf should be memberOf in the event that you are being lazy and pasting it in, as it cause me some delay and confusion  =o)

 

(&(objectCategory=person)(objectClass=user)(sAMAccountName=$u)(memberOf=CN=Domain Admins,CN=Users,DC=somedomain,DC=com))

 

It worked quite well, thank you.

3028
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.