Ldapprofile profile group | Fortinet 3.0 MR4 guide

ldap_profile profile group

set

ldap_profile profile group

Use these commands to configure an LDAP group query.

Syntax

set ldap_profile profile <name_str> group groupstate {enable disable} set ldap_profile profile <name_str> group groupstate {enable disable} virtual {enable disable} memberofattribute <attr_str> relativename {enable disable} basedn <basedn_str> groupnameattribute <grp_str>

Keywords and Variables	Description	Default

<name_str>	Enter the name of the LDAP profile.
groupstate {enable disable}	Enable or disable group LDAP queries.	disable
virtual {enable disable}	Enable this option to specify any LDAP tree node. Any node	disable
	that falls under the specified tree node will be considered a
	member of the group. Since the specified node isn’t defined
	as a group in the LDAP database, the FortiMail unit sees it
	as a sort of ‘virtual group.’
membershipattribute	Enter the user attribute that defines the groups the user
<attr_str>	belongs to. For example, this attribute is memberOf for
	Active Directory servers.
relativename {enable	With the appropriate information entered, the admin need	disable
disable}	only enter the LDAP group name when creating a recipient-
disable}	based policy, for example. If this option is disabled, the
	group name attribute, group name, and group base DN must
	be specified in the policy.
basedn <basedn_str>	Enter the group base DN if relativename is enabled.
groupnameattribute <grp_str>	Enter the group name attribute if relativename is
	enabled.

History

FortiMail v3.0 MR3 New.

Related topics

•set ldap_profile clearallcache

•set ldap_profile profile auth

•set ldap_profile profile clearcache

•set ldap_profile profile pwd

•set ldap_profile profile routing

•set ldap_profile profile server

•set ldap_profile profile user

•unset ldap_profile

	FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference
194	06-30004-0420-20080814

Image 194

Contents

I R E F E R E N C E Trademarks Contents Get Set 122 157 167 198 237 275 Unset 353 Index 361 Page About the FortiMail Secure Messaging Platform About this document BODYH4You must authenticate to use this Execute restore config filenamestrAuthentication/TITLE/HEAD Service./H4 FortiMail documentation FortiMail QuickStart Guides Customer service and technical support Comments on Fortinet technical documentation What’s new Bypassbounceverify 06-30004-0420-20080814 Set console CLI command syntaxSet console page lengthint Connecting to the CLI Set allowaccess ping https ssh snmp http telnet Get system interface FortiMail-400 loginWelcome CLI command branches To connect to the CLI using SSH Execute Execute restore Backup configExecute backup config namestr serveripv4 Execute checkmaildisk ChecklogdiskExecute checklogdisk Execute checklogdisk CheckmaildiskExecute checkmaildisk Clearqueue Execute clearqueue Factoryreset Execute factoryreset Execute formatlogdisk Execute formatmaildisk Execute formatmaildiskbackupFormatlogdisk Formatmaildisk Execute formatmaildisk Execute formatmaildisk FormatmaildiskbackupExecute formatmaildiskbackup Execute maintain mailqueue clear age 23d MaintainExecute maintain mailqueue clear age ageunit Execute clearqueue Execute ping Execute traceroute NslookupExecute nslookup host mx nameserver Execute partitionlogdisk logint Partitionlogdisk Execute ping-option PingExecute ping hostname hostipv4 Execute ping Ping-optionExecute ping-option option Execute reload RebootExecute reboot Execute reload Execute rebootReload Execute backup config RestoreExecute restore config image namestr serveripv4 Shutdown Execute shutdown Execute smtptest 192.168.100.225 domain example.com SmtptestExecute smtptest ipv4addrport domain domainstr Telnettest Execute telnettest hostipv4port Execute maintain Execute ping TracerouteExecute traceroute hostipv4 Update config Execute update config Updatecenter updatenow Execute updatecenter updatenow Updatecenter updatenow Get Get alertemail setting Alertemail configurationGet alertemail configuration Alertemail setting Get alertemail configuration Antivirus Get antivirus Get as option Get History Auth Get auth imap pop3 radius smtp Get av profilename Config Get config searchstring Console Get console Fshd status Get fshd status Get ippolicy policynumber Is disabled, Difference are not allowedIppolicy Get ipprofile Get ipprofile Set ippool Set ippool addentry IppoolGet ippool namestr Ipprofile Get ipprofile profilename Get ippolicy Ldapprofile Get ldapprofile profile namestr Limits Get limits Log elog Get log elog Set log setting local Set log setting syslog Log logsettingGet log logsetting Set log msisdn Set log view fields Log msisdnGet log msisdn Log policy Get log policy Get log query Set log reportconfig qryLog query Log reportconfig FortiMail v3.0 New Log view Get log view event history spam virus Mailserver Get mailserver Mailserver access Get mailserver access Get mailserver archive exemptlist local policy remote Mailserver archiveGet mailserver archive Mailserver localdomains Get mailserver localdomain Get mailserver smtp setting Mailserver smtp Mailserver systemquarantine Get mailserver systemquarantine Misc profile Get misc profilename Get outpolicy Get outprofile OutcontentGet outcontent namestr Get outpolicy namestr Get outcontent Get outprofileOutpolicy Get outprofile namestr Get outcontent Get outpolicyOutprofile Policy Get policy fqdn Spam deepheader Get spam deepheader Spam heuristic rules Get spam heuristic rules Spam retrieval policy Get spam retrieval policy fqdnstr System Get system item Time ntp Snmp thresholdStatus Time time Get userpolicy UserGet user item Alias Group Ldap map Mail Map Get user UserpolicyGet userpolicy namestr Page Set Set alertemail deferq Set alertemail setting option Alertemail configuration mailtoSet alertemail configuration mailto none 000 Alertemail deferqTriggervalue Intervalminutes Set alertemail setting option diskfull quotafull Alertemail setting optionSet alertemail setting option optionlist none Set alertemail configuration mailto Set alertemail deferq Set antivirus enable disable Set as profile modify whitelistword As blacklistactionSet as blacklistaction reject discard profile Expiryint As bounceverifyTagexpiry Set ipprofile sendervalidation As control autorelease Set as control autorelease delete release controlaccount As control bayesian Set as profile modify bayesian Set as profile modify actions As greylist Set as profile modify greylist As mmsreputation Set ipprofile mmsreputation As profile delete Set as profile namestr delete As profile modify actions Auto-release Enable disableAs profile modify auto-release Webrelease Set as profile modify bannedwordlist Set as profile namestr modify bannedword enable disableAs profile modify bannedword As profile modify bannedwordlist Set as profile modify bannedword As profile modify bayesian Set as control bayesian Headeranalysis Enable disable CheckipAs profile modify deepheader FortiMail v3.0 MR1 checkip and headeranalysis added Dictint As profile modify dictionaryDictprofile Set as profile modify dnsblserver Set as profile namestr modify dnsbl enable disableAs profile modify dnsbl Hoststr As profile modify dnsblserverSet as profile modify dnsbl Move-to newint Set as profile namestr modify forgedip enable disable As profile modify forgedip As profile modify fortishield Set as profile namestr modify greylist enable disable As profile modify greylist As profile modify heuristic As profile modify imagespam Aggressive Subject reject As profile modify individualaction scannerScanner bannedword Discard forward Days daysint As profile modify quarantineSet as control autorelease Set as spamreport As profile modify rewritercpt Maxsize sizeint As profile modify scanoptionsBypassonauth Set as profile modify surblserver Set as profile namestr modify surbl enable disableAs profile modify surbl Rename-to newstr As profile modify surblserverSet as profile modify surbl Header As profile modify tagsHtag tagstr Stag tagstr Set as profile namestr modify virus enable disable As profile modify virus Set as profile modify whitelistwordlist Set as profile namestr modify whitelistword enable disableAs profile modify whitelistword As profile modify whitelistwordlist As spamreport Set as control autorelease Set as profile modify quarantine As trusted Set auth imap server Auth imap rename-toSet auth imap namestr rename-to newstr Serveripv4 Port portint Auth imap serverSet auth imap rename-to Option ssl secure Set auth pop3 server Auth pop3 rename-toSet auth pop3 namestr rename-to newstr 110 Auth pop3 serverSet auth pop3 rename-to Set auth radius server Auth radius rename-toSet auth radius namestr rename-to newstr Set auth radius rename-to Passwordstr DomainAuth radius server Serveripv4 Secret Set auth smtp server Auth smtp rename-toSet auth smtp namestr rename-to newstr Auth smtp server Set auth smtp rename-to Av delete Set av avprofname delete Av modify actions Set av avprofname modify actions discard reject Set av avprofname modify heuristic enable disable Av modify heuristic Av modify heuristic heuristicaction Set av avprofname modify scanner enable disable Av modify scanner Av rename-to Set av avprofname rename-to newnamestr Baudrate 9600 38400 57600 Mode batch lineSet system appearance Set system option Lineint Set content modify filetype Set content modify monitor Content deleteSet content namestr delete Content modify action Set content modify action Set content modify filetype Content modify bypassonauthSet content namestr modify bypassonauth enable disable Set content modify bypassonauth Set content modify filetype Content modify defersizeSet content namestr modify defersize sizeint Filetypestr Content modify filetypeSet content modify action Set content modify monitor Blocked Content modify monitor Set content modify monitor action None Content modify monitor actionAction none Replace review 155 Fshd Set ippolicy policyint Set ippolicy delete Set ippolicy move Policyint Ippolicy actionSet ippolicy policyint action scan reject tempfail Scan Ippolicy as Set ippolicy policyint as namestr Ippolicy auth Ippolicy av Set ippolicy policyint av namestr Ippolicy content Set ippolicy policyint content namestr Set ippolicy Set ippolicy move Ippolicy deleteSet ippolicy policyint delete Set ippolicy policyint exclusive enable disable Ippolicy exclusive Ippolicy ip Set ippolicy policyint ip namestr Ippolicy match gateway and server modes Set ippolicy policyint match clientipv4/mask Clientipv4/mask Ippolicy match transparent modeSet ippolicy match gateway and server modes 0.0/0 Set ippolicy Set ippolicy delete Ippolicy moveSet ippolicy policyint move newint Ippolicy smtp Set ippool namestr Set ippool Set ippool delentry Set ippool delete Get ippool Ippool addentrySet ippool namestr addentry ipv4 sizeint Ipv4 RangeIDint Ippool delentrySet ippool namestr delentry rangeIDint Set ippool Set ippool addentry Set ippool delete Get ippool Ippool delete Set ippool namestr delete 174 Ipprofile check Splice SenddsnSender Integer seconds Ipprofile connection Set ipprofile rename Ipprofile deleteSet ipprofile namestr delete Free int Ipprofile errorInitialdelay int Increment int Ipprofile headermanipulation Emails int Ipprofile limitRset int Ipprofile list Ipprofile mmsreputation Set ipprofile delete Ipprofile renameSet ipprofile namestr rename newstr Ipprofile senderreputation Ipprofile sendervalidation 187 Ratecontrol Ipprofilesetting ratecontrolSet ipprofilesetting ratecontrol connection message Connection Antivirus avstr Ldapprofile profile asavAntispam asstr Asavstate Ldapprofile clearallcache Set ldapprofile clearallcache Ldapprofile profile auth Ldapprofile profile clearcache Set ldapprofile profile namestr clearcache Serveripv4 Ldapprofile profile fallbackserverFallbackserver hoststr 389 Ldapprofile profile group Ldapprofile profile option Ldapprofile profile pwd Ldapprofile profile routing Secure none ssl Ldapprofile profile serverServer hoststr Ldapprofile profile user Ldapprofile profile user Set Limits domain-level AdminintAdminperdomint Profilesint Limits system-level generalDomainint Limits system-level groups Set limits system-level groups groupsint membersint Limits system-level mail-users Set limits system-level mail-users usersint Limits system-level other-profiles Ipint Limits system-level policiesSet limits system-level policies ipint outgoingint Outgoingint 207 Set log msisdn enable disable Log policy destination event Log policy destination history Log policy destination spam Detected none Log policy destination virus Infected none Log reportconfig direction Domainname2 Log reportconfig domainDomainname1 Domainname3 Emailaddr2 Log reportconfig mailtoEmailaddr1 Emailaddr3 Log reportconfig period Querystr2 Querystr3 Log reportconfig qryQry querystr1 Days daysstr dates Log reportconfig schedule hourSchedule hour daily Datesint Severityinteger Log setting consoleEnable disable Loglevel Emergency Log setting local Log setting syslog Log setting syslog Set Log view fields History spam virus Loglevel Log view loglevelLoglevel event Set move Patternstr AuthenticatedRule number Senderpattern Profilestr Permission ok MR4 Added authenticated and tlsprofileTlsprofile Relay reject Mailserver archive account Mailserver archive exemptlist Set mailserver archive exemptlist exemptid ? Mailserver archive local quota Set mailserver archive local quota quotaint Recipient subject Mailserver archive policySet mailserver archive policy policyid ? Body Mailserver archive remote Mailserver deadmail Set mailserver deadmail value Smtp Portnumber Mailserver portnumberPop3 Portnumber Smtps portnumber Mailserver proxy smtp interface Set mailserver proxy smtp unknown Set mailserver proxy smtp interface Mailserver proxy smtp unknownSet mailserver proxy smtp unknown hide original Hide Mailserver relayserver AuthenticationEnable disable Username namestr Port portnumber Stoptime hhmm Mailserver smtp deferbigmsgStarttime hhmm Mailserver smtp delivery Set mailserver smtp delivery noesmtp yes no Mailserver smtp dsn Mailserver smtp ldapdomaincheck Mailserver smtp queue Mailserver smtpauth Set mailserver smtpssl enabled disabled Mailserver smtpssl Client type Type disableMailserver smtp storage Dir Set mailserver smtp storage cquar type client Mailserver smtp storage cquarClient server Mailserver smtp storage cquar Set Set content modify action Set content modify monitor action Set misc profile rename-to Misc profile deleteSet misc profile namestr delete Quotaint Misc profile modify quotaSet misc profile namestr modify quota quotaint Userstatus Set misc profile namestr modify userstatus enable disableMisc profile modify userstatus Misc profile modify webmailaccess Webmailaccess Set misc profile delete Misc profile rename-toSet misc profile namestr rename-to newstr Outcontent delete Set outcontent namestr delete Forward reject Outcontent modify actionSet outcontent modify action Set outcontent modify monitor Set outcontent modify action Set outcontent modify filetype Outcontent modify bypassonauthSet outcontent namestr modify bypassonauth enable disable Outcontent modify filetype Review Outcontent modify monitor actionReject replace Tags header enable Outcontent modify monitorSet outcontent modify monitor action 259 Set outpolicy move-to Set outpolicy rename-to Outpolicy profile deleteSet outpolicy userstr delete Outpolicy modify Set outpolicy profile delete Set outpolicy rename-to Outpolicy move-toSet outpolicy userstr move-to newint Set outpolicy profile delete Set outpolicy move-to Outpolicy rename-toSet outpolicy userstr rename-to newstr Set outprofile profile rename-to Outprofile profile deleteSet outprofile profile namestr delete Namestr Review enable disableOutprofile profile modify actions Outprofile profile modify bannedword Outprofile profile modify bannedwordlist Outprofile profile modify bayesian Outprofile profile modify deepheader Outprofile profile modify dictionary Set outprofile profile namestr modify dnsbl enable disable Outprofile profile modify dnsbl Outprofile profile modify dnsblserver Outprofile profile modify fortishield Outprofile profile modify greylist Enable disable Upper-level Outprofile profile modify heuristic Outprofile profile modify imagespam Outprofile profile modify individualaction scanner Action Outprofile profile modify scanoptions Set outprofile profile namestr modify surbl enable disable Outprofile profile modify surbl Outprofile profile modify surblserver Outprofile profile modify tags Set outprofile profile namestr modify virus enable disable Outprofile profile modify virus Outprofile profile modify whitelistword Set outprofile profile modify whitelistwordlist Outprofile profile modify whitelistwordlist Set outprofile profile modify whitelistword Set outprofile profile delete Outprofile profile rename-toSet outprofile profile namestr rename-to newstr 286 Set policy modify rename-to Policy deleteSet policy fqdnstr delete Addassociation fqdn Policy modify addassociationPolicy fqdnstr Set policy modify verifyaddr Set policy fqdnstr modify bverifyaddr disable ldap smtpPolicy modify bverifyaddr Fallbackport Portint Policy modify fallbackFallbackhost Hostipv4 Policy modify ip Set policy fqdnstr modify issubdomain enable disable Policy modify issubdomain Policy modify ldap Set policy fqdnstr modify ldapasav state enable disableSet policy fqdnstr modify ldaprouting state enable disable Set policy fqdnstr modify ldapasav profile profilestr Policy modify mxflag Set policy fqdnstr modify mxflag 0 Fqdnstr Policy modify tpSet policy fqdnstr modify tp zoneintr yes no yes no Zoneintr Policy modify user Set policy delete Set policy modify rename-to Set policy modify bverifyaddr Smtp disablePolicy modify verifyaddr Verifyaddr ldap Set policy delete Policy modify rename-toSet policy fqdnstr rename-to newfqdnstr 95.0000 Set spam deepheader confidence confidenceintConfidence Confidenceint Set as control autorelease System admin Set system option Set user System appearance Set console System autoupdate pushaddressoverride Set system autoupdate pushaddressoverride disable System autoupdate pushupdate Set system autoupdate pushupdate enable disable Set system autoupdate schedule enable disable daily hhmm System autoupdate scheduleSet system autoupdate schedule enable disable every hhmm Port portnum System autoupdate tunnelingAddress addrip4 Username Usernamestr System ddns Set system disclaimer allowdomain enable disable System disclaimer allowdomain System disclaimer incoming System disclaimer outgoing System dns System fortimanager Autobackup enable disableEnable disable Initiate enable disable Central-management Set system ha config 20001 System ha configSet system ha config portinteger timeoutinteger Cpeerinteger System ha takeover command DisabledAny Cpeeripv4 Netmaskipv4 Primary-localipv410.0.0.1 255.255.255.0 Set system ha interface port5 10.0.0.4 Set system ha interface port5 10.0.0.2Set system ha interface port5 10.0.0.3 317 System ha data Set system ha data dataportinteger timeoutintegerSet system ha config 20002 Dataportinteger System ha datadir Ports hd System ha lserviceSet system ha lservice pprts 30 Checktimeinteger Set system ha mode cmaster System ha modeSet system ha mode mode Mode mode Heartbeatportinteger System ha monitorSet system ha monitor port 20000 20 20000 323 System ha on-failure Set system ha on-failure off restore slaveRestore Set system ha on-failure slave Set system ha passwd Passw4D System ha passwdSet system ha passwd passwdstr System ha remote-as-heartbeat Set system ha remote-as-heartbeat enable disableSet system ha remote-as-heartbeat enable Set system ha resync System ha restart restore resyncSet system ha restart restore resync Restart System ha rservice Set system ha rservice pop 10.10.10.2 25 30 20 System ha takeover Set system ha takeover port5 add 10.10.10.2 System ha takeover System hostname Set system hostname hostnamestr System interface config Connection Disable System interface mode dhcpSet system interface intfstr mode dhcp Defaultgw Disable System interface mode static Set system interface intfstr mode static ip addrip4 maskip4 System opmode Set system opmode gateway server transparent Set system option option1 value1 Set system admin Set system appearanceSystem option System route number System snmp community Set system snmp sysinfo threshold System snmp sysinfo threshold Set system snmp community System time manual Set system time ntp System time ntp Set system time manual Set system admin Set user System usrgrp Set user map internalname intstr externalname extstr Set user alias name namestr member addr addrSet user alias name namestr addmember addr addr Set user ldap map domain domainname profile ldapprofilename User pki Set userpolicy namestr delete Userpolicy deleteSet userpolicy move-to Set userpolicy rename-to Avstr Userpolicy modifyAsstr Miscstr Set userpolicy namestr move-to newint Userpolicy move-toSet userpolicy delete Set userpolicy rename-to Set userpolicy namestr rename-to newstr Userpolicy rename-toSet userpolicy delete Set userpolicy move-to 352 Unset Unset alertemail configuration Unset ldapprofile profile namestr Unset log reportconfig namestr Unset mailserver configuration Unset system configuration Alias name aliasstr Unset user configurationUser transparent and gateway Map name mapstr Ldap map domain domainint User serverGroup name groupstr Index Dkim 186 DNS 363 Smtp 365 366