Fortinet 232 FortiWeb 5.0 Patch 6 Administration Guide
5. Click OK.
6. If you enabled Secure Connection, upload the certificate of the CA that signed the directory
server’s certificate (see “Uploading trusted CAs’ certificates” on page 280).
7. Return to User > Remote Server > LDAP User, double-click the row of the query, then click
the Test LDAP button to verify that FortiWeb can connect to the server, that the query is
correctly configured, and that (if binding is enabled) the query bind is successful.
In username, type only the value of the CNID attribute, such as hlee, not the entire DN of
the administrator’s account. In password, type the password for the account.
8. If the query is for administrator accounts that you want to allow to access the FortiWeb
web UI, select the query in a remote authentication query group (see “Grouping remote
authentication queries for administrators” on page 218).
If the query is for user accounts that you want to allow to authenticate with web servers, to
activate the user account, you must indirectly include it in a server policy. Continue with
“Grouping users”. (For an overview, see “To configure and activate end-user accounts” on
page 225.)
Setting name Description

Group Type
Indicate the schema of your LDAP directory, either:
OpenLDAP — The directory uses a schema where each user object’s group membership is
recorded in an attribute named gidNumber. This is usually an OpenLDAP directory, or another
directory whose user objects use the object class inetOrgPerson or posixAccount.
Windows-AD — The directory uses a schema where each user object’s group membership is
recorded in an attribute named memberOf. This is usually a Microsoft Active Directory server.
eDirectory — The directory uses a schema where each user object’s group membership is
recorded in an attribute named groupMembership. This is usually a Novell eDirectory server.
Group membership attributes may have different names depending on the LDAP directory’s
schema. The FortiWeb appliance uses the group membership attribute that matches your
directory’s schema when querying the group DN.
This option appears only when Bind Type is Regular and Group Authentication is enabled.

Group DN
Type the value of the group membership attribute that query results must have in order to
be able to authenticate.
The value varies with your directory’s schema, but is typically either a distinguished name
such as ou=Groups,dc=example,dc=com or a group ID (GID) such as 100.
This option appears only when Bind Type is Regular and Group Authentication is enabled.
The maximum length is 255 characters.

Secure Connection
Enable to connect to the LDAP servers using an encrypted connection, then select the style
of encryption in Protocol.

Protocol
Select which secure LDAP protocol to use, either:
LDAPS
STARTTLS
This option appears only when Secure Connection is enabled.
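As an added example that is not FortiWeb’s own code, the following Python models the Group Type / Group DN rule described above: the membership attribute is chosen by the schema type, and the configured Group DN must be one of that attribute’s values. The sample directory entries and the normalize_value comparison are assumptions made for illustration, not how the appliance compares DNs.

```python
# Added example (not FortiWeb code): models how the Group DN check depends on the
# attribute selected by Group Type. Entries below are constructed sample data
# standing in for LDAP query results.
from typing import Dict, List

# Group Type -> attribute holding a user's group membership, as listed in the guide
GROUP_ATTR = {
    "OpenLDAP": "gidNumber",
    "Windows-AD": "memberOf",
    "eDirectory": "groupMembership",
}
MAX_GROUP_DN_LEN = 255  # limit stated for the Group DN setting


def normalize_value(value: str) -> str:
    """Compare DNs (and GIDs) case-insensitively, ignoring space after commas (assumption)."""
    return ",".join(part.strip() for part in value.split(",")).lower()


def membership_values(entry: Dict[str, List[str]], attr: str) -> List[str]:
    """LDAP attribute names are case-insensitive; fetch by name regardless of case."""
    for name, values in entry.items():
        if name.lower() == attr.lower():
            return values
    return []


def group_matches(group_type: str, entry: Dict[str, List[str]], group_dn: str) -> bool:
    """True if the entry may authenticate under the given Group Type / Group DN."""
    if len(group_dn) > MAX_GROUP_DN_LEN:
        raise ValueError("Group DN exceeds the 255-character maximum")
    attr = GROUP_ATTR[group_type]  # KeyError for an unsupported schema type
    wanted = normalize_value(group_dn)
    # Membership attributes such as memberOf are multi-valued: check every value
    return any(normalize_value(v) == wanted for v in membership_values(entry, attr))


# Constructed sample query results for user "hlee" in each schema
OPENLDAP_USER = {"uid": ["hlee"], "gidNumber": ["100"]}
AD_USER = {"cn": ["hlee"], "memberOf": [
    "CN=Domain Users,CN=Users,DC=example,DC=com",
    "CN=WebAdmins, OU=Groups, DC=example, DC=com"]}
EDIR_USER = {"cn": ["hlee"], "groupMembership": ["cn=webusers,ou=Groups,o=example"]}

if __name__ == "__main__":
    print(group_matches("OpenLDAP", OPENLDAP_USER, "100"))  # True
    print(group_matches("Windows-AD", AD_USER, "cn=WebAdmins,ou=Groups,dc=example,dc=com"))  # True
    # Wrong Group Type for this directory: the attribute is absent, so access is denied
    print(group_matches("Windows-AD", OPENLDAP_USER, "100"))  # False
```

The last call shows the failure mode a mismatched Group Type produces: the query returns the user, but the membership attribute FortiWeb looks for is not there, so group authentication fails.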