Users and authentication
FortiGate-60R Installation and Configuration Guide
Configuring LDAP support
If you have configured LDAP support and a user is required to authenticate using an
LDAP server, the FortiGate unit contacts the LDAP server for authentication. To
authenticate with the FortiGate unit, the user enters a user name and password. The
FortiGate unit sends this user name and password to the LDAP server. If the LDAP
server can authenticate the user, the user is successfully authenticated with the
FortiGate unit. If the LDAP server cannot authenticate the user, the connection is
refused by the FortiGate unit.
The FortiGate unit supports LDAP protocol functionality defined in RFC 2251 for
looking up and validating user names and passwords. FortiGate LDAP supports all
LDAP servers compliant with LDAP v3.
FortiGate LDAP support does not extend to proprietary functionality, such as
notification of password expiration, that is available from some LDAP servers.
FortiGate LDAP support does not supply information to the user about why
authentication failed.
LDAP user authentication is supported for PPTP, L2TP, IPSec VPN and firewall
authentication. With PPTP, L2TP, and IPSec VPN, PAP (Password Authentication
Protocol) is supported and CHAP (Challenge-Handshake Authentication Protocol) is
not.
This section describes:
• Adding LDAP servers
• Deleting LDAP servers
Adding LDAP servers
To configure the FortiGate unit for LDAP authentication:
1 Go to User > LDAP.
2 Select New to add a new LDAP server.
3 Enter the name of the LDAP server.
  You can enter any name. The name can contain numbers (0-9), uppercase and
  lowercase letters (A-Z, a-z), and the special characters - and _. Other special
  characters and spaces are not allowed.
4 Enter the domain name or IP address of the LDAP server.
5 Enter the port used to communicate with the LDAP server.
  By default LDAP uses port 389.
6 Enter the common name identifier for the LDAP server.
  The common name identifier for most LDAP servers is cn. However some servers use
  other common name identifiers such as uid.
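As an added illustration (not taken from the Fortinet guide), the sketch below builds the RFC 2251 simple BindRequest that carries a user name and password to an LDAP server, showing how the common name identifier becomes part of the bind DN and that the password travels unencrypted inside the message on port 389. It assumes a simple bind; the DN suffix, user name, password and all function names are constructed for the example.

```python
# Added example: BER encoding of an LDAP v3 simple BindRequest (RFC 2251).
# All names and values below are constructed for illustration.

def ber_len(n: int) -> bytes:
    """BER definite length: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def tlv(tag: int, value: bytes) -> bytes:
    """One BER tag-length-value element."""
    return bytes([tag]) + ber_len(len(value)) + value

def escape_rdn_value(value: str) -> str:
    """Escape DN special characters so a user name stays a single RDN value."""
    out = []
    for i, ch in enumerate(value):
        edge = (i == 0 and ch in " #") or (i == len(value) - 1 and ch == " ")
        out.append("\\" + ch if ch in ',+"\\<>;' or edge else ch)
    return "".join(out)

def bind_dn(cn_identifier: str, user: str, suffix: str) -> str:
    """Join the common name identifier (cn, uid, ...) and user name to a DN suffix."""
    return f"{cn_identifier}={escape_rdn_value(user)},{suffix}"

def simple_bind_request(message_id: int, dn: str, password: str) -> bytes:
    """LDAPMessage { messageID, BindRequest { version 3, name, simple password } }."""
    if not 1 <= message_id <= 127:
        raise ValueError("this sketch encodes one-byte message IDs only")
    bind = tlv(0x60,                              # [APPLICATION 0] BindRequest
               tlv(0x02, b"\x03")                 # version INTEGER 3
               + tlv(0x04, dn.encode("utf-8"))    # name OCTET STRING (the DN)
               + tlv(0x80, password.encode("utf-8")))  # [0] simple: raw password
    return tlv(0x30, tlv(0x02, bytes([message_id])) + bind)

if __name__ == "__main__":
    dn = bind_dn("uid", "jsmith", "ou=people,dc=example,dc=com")
    msg = simple_bind_request(1, dn, "S3cret!")
    print(dn)
    print(msg.hex())
    print("password visible in message:", b"S3cret!" in msg)
```

Because the password bytes appear as-is in the encoded request, the path between the FortiGate unit and the LDAP server should be a trusted or otherwise protected network segment.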