FortiMail
iyotov
Staff
Article Id 193534

Description

 
This article describes how to allow users to log in to personal quarantine with their Active Directory credentials using LDAP.


Scope

 
All FortiMail versions.


Solution

 

  1. Create an LDAP profile in FortiMail.

  • Go to Profile -> LDAP -> New.
  • Set the profile name.
  • Set the server IP and port number.
  • Expand the 'User Query Options'.
  • Set Schema: Active Directory.
  • Set the Base DN (in this example the domain is 'tri.ton').
  • Set the Bind DN and password. This is a service account in AD that can bind and read user information.
  • Under 'User Authentication Options' select 'Search user and try bind DN'.
  • Select the 'Create' button.

 
  2. Edit the newly created LDAP profile and test.

  • Open the profile for editing.
  • Select [Test LDAP Query].
  • From the drop-down menu 'Select query type', choose 'Authentication'.
  • Type the test user’s email address and password.
  • Select 'Test'.
  • If everything is OK, the result should be 'Bind successful'.



If there is a problem with the user credentials, the response will be 'Failed to bind'. If the LDAP server settings (IP/port) are incorrect, the error will be 'Connection failure'.

 

  3. Apply the LDAP profile in the recipient policy.

  • Go to Policy -> Policies -> New (or Edit).
  • Expand 'Authentication and Access'.
  • Set 'Authentication type' to LDAP.
  • Select the LDAP profile.
  • Enable the access options that are required.
  • Select 'Create'/OK.



Note that when a WebMail user tries to log in, only the first policy with a matching 'Recipient Pattern' is applied. If multiple recipient policies have a 'Recipient Pattern' that may match the login 'user@domain' combination, the authentication options need to be configured in all of them.
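The first-match behaviour in the note above can be checked offline before users report failed logins. The following is an added example, not Fortinet code: it models an ordered list of recipient policies and reports every login address whose first matching policy has no authentication profile. The policy dictionary layout, the profile name 'AD-LDAP', the sample addresses and the `*`/`?` wildcard matching are assumptions made for the illustration.

```python
from fnmatch import fnmatchcase

# Constructed sample: recipient policies in evaluation order (top first).
# The dict layout is a model for this example, not FortiMail's config format.
POLICIES = [
    {"id": 1, "pattern": "ceo@tri.ton", "auth_profile": None},
    {"id": 2, "pattern": "*@tri.ton",   "auth_profile": "AD-LDAP"},
    {"id": 3, "pattern": "*@*",         "auth_profile": None},
]

def matches(pattern, address):
    """Case-insensitive wildcard match ('*' and '?'); an assumption of this model."""
    return fnmatchcase(address.lower(), pattern.lower())

def first_match(policies, address):
    """Return the first policy whose pattern matches, as the note describes."""
    return next((p for p in policies if matches(p["pattern"], address)), None)

def audit_logins(policies, addresses):
    """List logins whose first matching policy carries no authentication profile.

    Each finding is (address, first_policy_id, shadowed_ids), where shadowed_ids
    are other matching policies that do have a profile but are never reached.
    """
    findings = []
    for address in addresses:
        hit = first_match(policies, address)
        if hit is None:
            findings.append((address, None, []))  # no policy matches at all
            continue
        if hit["auth_profile"] is None:
            shadowed = [p["id"] for p in policies
                        if p is not hit and p["auth_profile"]
                        and matches(p["pattern"], address)]
            findings.append((address, hit["id"], shadowed))
    return findings

if __name__ == "__main__":
    sample = ["alice@tri.ton", "ceo@tri.ton", "bob@other.example"]
    for address, policy_id, shadowed in audit_logins(POLICIES, sample):
        print(f"{address}: first match is policy {policy_id} (no auth profile); "
              f"shadowed policies with a profile: {shadowed}")
```

A finding with a non-empty shadowed list is the case the note warns about: an LDAP-enabled policy exists for the address, but a more specific policy above it is applied instead.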

  4. Once spam messages are quarantined, users should be able to log in to http://<FortiMail_address>/mail/ and view the quarantine mailboxes.
