Fortinet 229 FortiWeb 5.0 Patch 6 Administration Guide
web UI or CLI. For details, see “Grouping remote authentication queries for administrators” on
page 218.
Supported servers may implement the underlying technology and group membership in
different ways, such as with OpenLDAP, Microsoft Active Directory, IBM Lotus Domino, and
Novell eDirectory. Match the distinguished names (DN) and group membership attributes
(Group Type) with your LDAP directory’s schema.
If this query will be used to authenticate administrators, and your LDAP server is slow to
answer, you may need to adjust the authentication timeout setting to prevent the query from
failing. See the FortiWeb CLI Reference. (For end-user queries, configure Connection Timeout
instead.)
To configure an LDAP query
1. Before configuring the query, if it will use a secure connection, you must upload the
certificate of the CA that signed the LDAP server’s certificate. For details, see “Uploading
trusted CAs’ certificates” on page 280.
2. Go to User > Remote Server > LDAP Server.
To access this part of the web UI, your administrator's account access profile must have
Read and Write permission to items in the Auth Users category. For details, see
“Permissions” on page 47.
3. Click Create New.
A dialog appears.
If you use an LDAP query for administrators, separate it from the queries for regular users. Do
not combine administrator and user queries into a single entry. Failure to separate queries
will allow end-users to have administrative access to the FortiWeb web UI and CLI. If
administrators are in the same directory but belong to a different group than end-users, you can
use Group Authentication to exclude end-users from the administrator LDAP query.
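The effect of the group restriction described in the note above, as an added example (not from the Fortinet guide and not FortiWeb code): a small model of an administrator query over a constructed directory. It shows that an unrestricted query matches end-users, and that the group check must read the membership attribute your schema actually uses. The DNs, the `user-attribute` and `group-object` labels, and all function names are assumptions for illustration.

```python
# Constructed sample directory (DN -> attributes); not taken from a real server.
ADMINS = "cn=fw-admins,ou=groups,dc=example,dc=com"
ALICE = "cn=alice,ou=people,dc=example,dc=com"   # admin, Active Directory style
BOB = "cn=bob,ou=people,dc=example,dc=com"       # ordinary end-user
CAROL = "cn=carol,ou=people,dc=example,dc=com"   # admin, OpenLDAP style
DIRECTORY = {
    ALICE: {"memberOf": [ADMINS]},                # membership stored on the user
    BOB: {"memberOf": ["cn=staff,ou=groups,dc=example,dc=com"]},
    CAROL: {},                                    # no membership attribute on the user
    ADMINS: {"member": [CAROL.upper()]},          # membership stored on the group
}

def norm(dn):
    """Simplified DN comparison: case-insensitive, ignores spaces after commas.
    (Does not handle escaped commas inside RDN values.)"""
    return ",".join(part.strip().lower() for part in dn.split(","))

def in_group(directory, user_dn, group_dn, group_type):
    """group_type is a hypothetical label, not a FortiWeb option name:
    'user-attribute' reads memberOf on the user entry,
    'group-object' reads member on the group entry."""
    if group_type == "user-attribute":
        values = directory.get(user_dn, {}).get("memberOf", [])
        return norm(group_dn) in {norm(v) for v in values}
    if group_type == "group-object":
        values = directory.get(group_dn, {}).get("member", [])
        return norm(user_dn) in {norm(v) for v in values}
    raise ValueError(f"unknown group type: {group_type}")

def admin_query_matches(directory, user_dn, group_dn=None, group_type=None):
    """Model of an administrator LDAP query. With no group restriction every
    directory user matches, which is the failure the note warns about."""
    if user_dn not in directory:
        return False
    if group_dn is None:
        return True
    return in_group(directory, user_dn, group_dn, group_type)

if __name__ == "__main__":
    for name, dn in (("alice", ALICE), ("bob", BOB), ("carol", CAROL)):
        print(name,
              "unrestricted:", admin_query_matches(DIRECTORY, dn),
              "user-attribute:", admin_query_matches(DIRECTORY, dn, ADMINS, "user-attribute"),
              "group-object:", admin_query_matches(DIRECTORY, dn, ADMINS, "group-object"))
```

A group type that does not match the directory's schema fails closed here: the real administrator is rejected, with no access granted to anyone else.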