# config user ldap
edit "<my-ldap-server>"
set server <IP | FQDN>
set secondary-server <IP | FQDN>
set tertiary-server <IP | FQDN>

The secondary-server and tertiary-server addresses can be added as backup servers. The servers are always contacted in this exact order: server, secondary-server, tertiary-server. A backup is only considered if the previous server is not responding.

set port <389>

The standard ports are TCP/389 for LDAP and TCP/636 for LDAPS. This option is automatically changed when changing the secure option (explained further down).

set source-ip <IP>

This specifies which IP has to be used as the source of the packet when FortiGate contacts the LDAP server. As with other source-ip options in FortiOS configuration, this must be an IP of one of the FortiGate's interfaces; arbitrary IPs are not allowed. The egress interface for the packets is decided based on the routing table.

set secure disable | starttls | ldaps

This option controls encryption of the LDAP traffic.

set ssl-min-proto-version default | SSLv3 | TLSv1 | TLSv1-1 | TLSv1-2

This option controls the minimum acceptable version of the SSL/TLS protocol. If the LDAP server offers a weaker version than what is configured here, FortiGate will abort the connection.

set ca-cert <certificate>

This option sets which CA certificate is acceptable for the SSL/TLS connection. If the LDAP server presents itself with a certificate signed by a different CA, FortiGate will abort the connection.

config system global → set remoteauthtimeout <1~300; default 5; in seconds>

This option controls the maximum time allowed for processing a single authentication attempt against a remote authentication server (LDAP, RADIUS, TACACS+).

config system global → set ldapconntimeout <1~300000; default 500; in milliseconds>

This option controls how long the FortiGate is willing to wait for the session to the LDAP server to be established. In case of plain LDAP or startTLS, the limit applies to the establishment of the TCP session; for LDAPS this includes the SSL/TLS handshake as well.
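The following is an added example, not code from this page or from Fortinet: a small audit script that reads `config user ldap` entries and reports the transport settings described above (secure, ssl-min-proto-version, ca-cert) that leave LDAP traffic unencrypted or weakly protected. The sample configuration, entry names, addresses and the certificate name `CA_Cert_1` are constructed; treating an unset `secure` as `disable` and requiring TLSv1-2 are assumptions of the example.

```python
import re
WEAK_TLS = {"SSLv3", "TLSv1", "TLSv1-1"}  # example policy: require TLSv1-2
# Constructed sample in FortiOS CLI shape; names and addresses are made up.
SAMPLE = '''
config user ldap
    edit "ldap-plain"
        set server "192.0.2.10"
    next
    edit "ldap-old-tls"
        set secure ldaps
        set ssl-min-proto-version TLSv1
    next
    edit "ldap-ok"
        set secure starttls
        set ssl-min-proto-version TLSv1-2
        set ca-cert "CA_Cert_1"
    next
end
'''

def parse_ldap_servers(text):
    """Return {entry name: {option: value}} for each edit block."""
    servers, current = {}, None
    for line in map(str.strip, text.splitlines()):
        m = re.match(r'edit\s+"?([^"]+)"?$', line)
        if m:
            current = servers.setdefault(m.group(1), {})
        elif line == "next":
            current = None
        elif current is not None and line.startswith("set "):
            parts = line.split(None, 2)
            if len(parts) == 3:
                current[parts[1]] = parts[2].strip('"')
    return servers

def audit(text):
    """Return {entry name: [findings]} for the transport options."""
    findings = {}
    for name, opts in parse_ldap_servers(text).items():
        secure = opts.get("secure", "disable")  # assumption: unset means disable
        tls_min = opts.get("ssl-min-proto-version", "default")
        issues = findings[name] = []
        if secure == "disable":
            issues.append("secure disable: LDAP traffic is not encrypted")
        if secure != "disable" and tls_min in WEAK_TLS:
            issues.append(f"ssl-min-proto-version {tls_min} is below TLSv1-2")
        if secure != "disable" and "ca-cert" not in opts:
            issues.append("ca-cert not set")
    return findings
```

Calling `audit()` on a saved configuration backup returns one list of findings per LDAP entry; an empty list means the entry uses starttls or ldaps with a pinned CA and a TLSv1-2 minimum.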
Copyright 2023 Fortinet, Inc. All Rights Reserved.