| Description | This article describes the basic configuration steps required to integrate the JumpCloud LDAP server into FortiGate. |
| Scope | All currently supported versions of FortiGate. |
For regular LDAP users to log in, an LDAP binding user must be configured with access to the LDAP directory in order to facilitate authentication requests.
This user need not be a service account. Any JumpCloud user can be set as the binding user, but it should be treated as a privileged user.
Sample config in the GUI:
Sample config in the CLI:
config user ldap
cnid is set to uid instead of cn or sAMAccountName. uid is the LDAP account attribute that stores the username.
The username is in the format uid=<userid>,ou=xxxxx,o=xxxxxxxxxxxxxxxxxx,dc=jumpcloud,dc=com.
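A regular-bind LDAP server entry consistent with the notes above, as an added example that is not the article's original sample. The entry name and the values in angle brackets are placeholders, the search base is assumed to share the masked suffix of the binding user's DN, and the LDAPS settings are an assumption added here so that the binding user's password is not sent in cleartext.

```fortios
config user ldap
    edit "JumpCloud-LDAP"    <-- Hypothetical entry name.
        set server "<jumpcloud-ldap-host>"    <-- Placeholder: hostname of the JumpCloud LDAP server.
        set cnid "uid"    <-- uid instead of cn/sAMAccountName.
        set dn "ou=xxxxx,o=xxxxxxxxxxxxxxxxxx,dc=jumpcloud,dc=com"    <-- Assumed search base, masked as in the article.
        set type regular    <-- Bind as the binding user before searching for the login user.
        set username "uid=<userid>,ou=xxxxx,o=xxxxxxxxxxxxxxxxxx,dc=jumpcloud,dc=com"    <-- Binding user DN in the format given above.
        set password <binding-user-password>    <-- Placeholder: treat as a privileged credential.
        set secure ldaps    <-- Assumption: LDAP over TLS.
        set port 636    <-- Assumption: standard LDAPS port.
    next
end
```

The text after each `<--` is an annotation and is not entered in the CLI.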
If MFA is in use, consider the following:
So far, there is no easy solution to support MFA when connecting to a WPA_Enterprise SSID. The push time will be 5 seconds, and this timer cannot be changed.
For a wired Ethernet connection, it is possible to change the push timer with the remoteauthtimeout value:
config system global
    set remoteauthtimeout <value>    <-- Specify a value in seconds.
end