Fortinet 5.0 Patch 6

Fortinet 232 FortiWeb 5.0 Patch 6 Administration Guide

5. Click OK.

6. If you enabled Secure Connection, upload the certificate of the CA that signed the directory

server’s certificate (see “Uploading trusted CAs’ certificates” on page 280).

7. Return to User > Remote Server > LDAP User, double-click the row of the query, then click

the Test LDA P button to verify that FortiWeb can connect to the server, that the query is

correctly configured, and that (if binding is enabled) the query bind is successful.

In username, type only the value of the CNID attribute, such as hlee, not the entire DN of

the administrator’s account. In password, type the password for the account.

8. If the query is for administrator accounts that you want to allow to access the FortiWeb

web UI, select the query in a remote authentication query group (see “Grouping remo te

authentication queries for administrators” on page 218).

If the query is for user accounts that you want to allow to authenticate with web servers, to

activate the user account, you must indirectly include it in a server policy. Continue with

“Grouping users”. (For an overview, see “To configure and activate end-user accounts” on

page 225.)

Group Type Indicate the schema of your LDAP directory, either:

•OpenLDAP — The directory uses a schema where each user

object’s group membership is recorded in an attribute named

gidNumber. This is usually an OpenLDAP directory, or another

directory where the object class inetOrgPerson or

posixAccount.

•Windows-AD — The directory uses a schema where each user

object’s group membership is recorded in an attribute named

memberOf. This is usually a Microsoft Active Directory server.

•eDirectory — The directory uses a schema where each user

object’s group membership is recorded in an attribute named

groupMembership. This is usually a Novell eDirectory server.

Group membership attributes may have different names depending

on an LDAP directory schemas. The FortiWeb appliance will use the

group membership attribute that matches your directory’s schema

when querying the group DN.

This option appears only when Bind Type is Regular and Group

Authentication is enabled.

Group DN Type the value of the group membership attribute that query results

must have in order to be able to authenticate.

The value may vary by your directory’s schema, but may be the

distinguished name such as ou=Groups,dc=example,dc=com or

a group ID (GID) such as 100.

This option appears only when Bind Type is Regular and Group

Authentication is enabled. The maximum length is 255 characters.

Secure Connection Enable to connect to the LDAP servers using an encrypted

connection, then select the style of the encryption in Protocol.

Protocol Select which secure LDAP protocol to use, either

•LDAPS

•STARTTLS

The option appears only when Secure Connection is enabled.

Setting name Description