Integrating an LDAP server with your Fortigate firewall enhances user authentication management, making it easier and more secure. Here’s a straightforward guide to help you configure an LDAP server on your Fortigate device.
Step 1: Log in to the Fortigate Admin Console
Start by accessing your Fortigate device. Open a web browser and type in the IP address of your Fortigate. Once the login page appears, enter your admin username and password.
Step 2: Go to LDAP Server Settings
After logging in, navigate to User & Authentication > LDAP Servers in the left-hand menu. This section allows you to manage LDAP servers.
Step 3: Add a New LDAP Server
Click on the “Create New” button to add a new LDAP server. You’ll need to fill in several fields:
- Name: Give your LDAP server a descriptive name.
- Server IP/Name: Enter the LDAP server’s IP address or hostname.
- Port: Default is 389 for LDAP, 636 for LDAPS.
- Common Name Identifier: Typically “cn” or “sAMAccountName” for Active Directory setups.
- Distinguished Name: Input the base DN (e.g., dc=example,dc=com).
- Bind Type: Choose between “Simple” or “Regular” binding.
Step 4: Test and Save the Configuration
Before saving, click “Test Connectivity” to ensure the Fortigate can connect to your LDAP server. If the test is successful, click “OK” to save your settings.
Configure an LDAP Server on Fortigate using CLI:
Alternatively, you can use the following commands to configure an LDAP server on Fortigate from the CLI.
config user ldap
    edit "my-Ldap-server"
        set server "10.1.1.33"
        set cnid "sAMAccountName"
        set dn "dc=examplead,dc=local"
        set type regular
        set username "examplead\\Administrator"
        set password <password>
        set secure ldaps
        set ca-cert "CA_Cert_1"
        set port 636
    next
end
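The CLI block above has the regular config/edit/set/next/end shape that a configuration audit can parse. As an added example (not Fortinet's code), this Python script reads a `config user ldap` block and flags entries whose bind credentials would cross the network in cleartext or whose LDAPS server has no CA certificate configured; the sample input is constructed, and the "weak-ldap" entry is invented for contrast with the page's own entry.

```python
"""Audit FortiGate `config user ldap` blocks for weak transport settings. Added example,
not Fortinet code: parses the CLI form shown above and flags cleartext bind credentials."""
import shlex

def parse_user_ldap(text):
    """Return {entry_name: {setting: value}} for a config/edit/set/next/end block."""
    entries, current = {}, None
    for parts in filter(None, map(shlex.split, text.splitlines())):
        if parts[0] == "edit":
            current = parts[1]
            entries[current] = {}
        elif parts[0] == "set" and current is not None:
            entries[current][parts[1]] = " ".join(parts[2:])
        elif parts[0] in ("next", "end"):
            current = None
    return entries

def audit_entry(name, s):
    """Findings for one entry. FortiOS defaults 'secure' to disable when it is unset."""
    findings, secure, port = [], s.get("secure", "disable"), s.get("port")
    if secure == "disable":
        findings.append(f"{name}: secure=disable, bind credentials are sent in cleartext")
    if secure == "ldaps" and not s.get("ca-cert"):
        findings.append(f"{name}: ldaps without ca-cert, server cert cannot be checked against a CA")
    if (secure, port) in (("ldaps", "389"), ("disable", "636")):
        findings.append(f"{name}: port {port} does not match secure={secure}")
    return findings

def audit_config(text):
    """Audit every entry in the block; returns {entry_name: [findings]}."""
    return {n: audit_entry(n, s) for n, s in parse_user_ldap(text).items()}

# Constructed sample: the page's LDAPS entry next to an invented plaintext entry for contrast.
SAMPLE = r'''
config user ldap
    edit "my-Ldap-server"
        set server "10.1.1.33"
        set type regular
        set username "examplead\\Administrator"
        set password <password>
        set secure ldaps
        set ca-cert "CA_Cert_1"
        set port 636
    next
    edit "weak-ldap"
        set type regular
        set password <password>
        set port 389
    next
end
'''
```

Running `audit_config(SAMPLE)` returns an empty finding list for the page's entry and a single cleartext finding for the weak one.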
You’ve now successfully set up an LDAP server on your Fortigate firewall. This configuration helps centralize and secure your user authentication processes.