System

Config

Figure 34: LDAP settings

To define an LDAP server query

1 Go to System > Config > LDAP.

2 Select Create New. Complete the following:

Name

Enter the name for the LDAP server query.

Server Name/IP

Enter the LDAP server domain name or IP address.

Server Port

Enter the port number. By default, the port is 389.

Server Type

Select whether to use anonymous or authenticated (regular) queries.

If selecting Anonymous, your LDAP server must be configured to allow unauthenticated anonymous queries.

If selecting Regular, you must also enter the Bind DN and Bind Password.

Bind DN

Enter an LDAP user name in DN format to authenticate as a specific LDAP user, and bind the query to a DN.

This option appears only when the Server Type is Regular.

Bind Password

Enter the LDAP user’s password.

This option appears only when the Server Type is Regular.

Common Name Identifier

Enter the attribute identifier used in the LDAP query filter. By default, the identifier is cn.

For example, if the Base DN contains several objects, and you want to include only objects whose cn=Admins, enter the Common Name Identifier cn and enter the Group(s) value Admins when configuring report profiles. For more information, see “Configuring reports” on page 113.

Report scopes using this query require Common Name Identifier. If this option is blank, the LDAP query for reports will fail.

Base DN

Enter the Distinguished Name of the location in the LDAP directory which will be searched during the query.

To improve query speed, enter a more specific DN to constrain your search to the relevant subset of the LDAP tree.

For example, instead of entering dc=example,dc=com you might enter the more specific DN ou=Finance,dc=example,dc=com. This restricts the query to the “Finance” organizational unit within the tree.

Report scopes using this query require Base DN. If this option is blank, the LDAP query for reports will fail.

LDAP Distinguished Name Query

Select to test the query.

Entries in the Base DN appear; if the query results contain multiple levels, entries appear under their parent object.
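
The following sketch is an added example, not code from this guide or from the product. It shows how the fields above combine into one LDAP search (base plus filter) and applies the stated rules: Regular needs Bind DN and Bind Password, and a blank Common Name Identifier or Base DN fails. The dictionary keys, the sample server and DNs, and the filter layout are assumptions made for illustration.

```python
# Added example, not vendor code. Keys mirror the form fields on this page;
# how the appliance assembles its own search is an assumption.

def escape_filter_value(value):
    """Escape a value for an LDAP search filter per RFC 4515."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)


def build_search(cfg, groups):
    """Validate the query settings, then return the search they describe."""
    errors = []
    server_type = cfg.get("server_type")
    if server_type not in ("Anonymous", "Regular"):
        errors.append("Server Type must be Anonymous or Regular")
    if server_type == "Regular" and not (cfg.get("bind_dn") and cfg.get("bind_password")):
        errors.append("Regular requires Bind DN and Bind Password")
    # A blank Common Name Identifier or Base DN makes the report query fail.
    for field in ("server", "cn_identifier", "base_dn"):
        if not cfg.get(field):
            errors.append(field + " is blank")
    if not groups:
        errors.append("no Group(s) value supplied")
    if errors:
        raise ValueError("; ".join(errors))
    # Group values are escaped so they match literally and cannot add filter terms.
    terms = ["(%s=%s)" % (cfg["cn_identifier"], escape_filter_value(g)) for g in groups]
    flt = terms[0] if len(terms) == 1 else "(|" + "".join(terms) + ")"
    return {
        "host": cfg["server"],
        "port": cfg.get("port", 389),
        "bind_dn": cfg["bind_dn"] if server_type == "Regular" else None,
        "base": cfg["base_dn"],
        "filter": flt,
    }


# Constructed sample settings; names and DNs are illustrative only.
SAMPLE = {
    "server": "ldap.example.com", "port": 389, "server_type": "Regular",
    "bind_dn": "cn=report-reader,ou=Service,dc=example,dc=com",
    "bind_password": "PLACEHOLDER",
    "cn_identifier": "cn", "base_dn": "ou=Finance,dc=example,dc=com",
}

if __name__ == "__main__":
    print(build_search(SAMPLE, ["Admins"]))
```

With the sample settings and the Group(s) value Admins, the search base is ou=Finance,dc=example,dc=com and the filter is (cn=Admins).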

FortiAnalyzer Version 3.0 MR7 Administration Guide

 

05-30007-0082-20080908
