Description
This article is a brief discussion of the advantages and disadvantages of using Standard versus Advanced Windows Directory Access Methods on the Collector Agent.
Solution
The main difference between Standard and Advanced mode is the naming convention for identifying groups.
Standard mode:- uses the regular Windows convention: Domain\Username
Advanced mode:- uses LDAP: CN=User, OU=Name, DC=Domain
If there is no special requirement to use LDAP Fortinet recommend a setup of FSSO in Standard mode. This mode is easier to setup, has less configuration, and is usually easier to maintain and troubleshoot.
Standard mode will provide same level of functionality as Advanced mode except for:
Users have to create Group filters from Collector agent and not from FortiGate as with Advanced mode. This should not be a constraint and Fortinet strongly encourages users to create filters from CA.
Advanced mode supports nested groups. This means that users may be a member of multiple monitored groups. Standard mode does not support nested groups so a user must be a direct member of the group being monitored.
Related Articles
Technical Note : FSAE Troubleshooting Guide
