Using the Query icon | Fortinet v3.0 MR7 guide

LDAP servers

Authentication servers

Common Name Identifier

Distinguished Name

Delete icon

Edit icon

The common name identifier for the LDAP server. Most LDAP servers use cn. However, some servers use other common name identifiers such as uid.

The distinguished name used to look up entries on the LDAP servers use. The distinguished name reflects the hierarchy of LDAP database object classes above the common name identifier.

Delete the LDAP server configuration. Edit the LDAP server configuration.

To remove an LDAP server from the FortiGate unit configuration - CLI

config user ldap delete <server_name>

end

Using the Query icon

The LDAP Distinguished Name Query list displays the LDAP Server IP address, and all the distinguished names associated with the Common Name Identifier for the LDAP server. The tree helps you to determine the appropriate entry for the DN field. To see the distinguished name associated with the Common Name identifier, select the Expand icon next to the CN identifier. Select the DN from the list. The DN you select is displayed in the Distinguished Name field. Select OK and the Distinguished Name you selected will be saved in the Distinguished Name field of the LDAP Server configuration.

To see the users within the LDAP Server user group for the selected Distinguished Name, expand the Distinguished Name in the LDAP Distinguished Name Query tree.

Figure 5: LDAP server Distinguished Name Query tree

Common Name Identifier (CN)

Distinguished Name (DN)

Expand Arrow

	FortiOS v3.0 MR7 User Authentication User Guide
24	01-30007-0347-20080828

Image 24

Contents

E R G U I D E FortiOS v3.0 MR7 User Authentication User Guide Trademarks Contents Configuring authenticated access Users/peers and user groupsIndex Creating local users Creating peer users About authentication Introduction User’s view of authentication Web-based user authenticationVPN client-based authentication FortiGate administrator’s view of authentication See Creating local users on See Creating peer users on Authentication servers See Configuring user groups on Public Key Infrastructure PKI authentication PeersUsers User groups Authentication timeout About this documentFirewall policies VPN tunnels Name field, type admin FortiGate documentationTypographic conventions FortiGate Administration Guide Related documentation FortiManager documentation FortiClient documentationFortiMail documentation FortiAnalyzer documentation Customer service and technical support Fortinet Tools and Documentation CDFortinet Knowledge Center Comments on Fortinet technical documentation Authentication servers Radius servers Configuring the FortiGate unit to use a Radius server Radius attributes sent in Radius accounting message Primary Server Name/IP Primary Server Secret Edit icon Edit a Radius server configuration Group Ldap servers Ldapsearch -x objectclass= Configuring the FortiGate unit to use an Ldap server Password Server PortCommon Name Identifier To configure the FortiGate unit for Ldap authentication CLI EditProtocol Certificate Using the Query icon Ldap server Distinguished Name Query tree TACACS+ servers Ascii Authentication Type Server Key Directory Service servers Create New DomainGroups Fsae Collector IP Directory Service server configuration Name Fsae Collector IP/Name Port CLI Example Directory Service server list Directory Service servers Users/peers and user groups Users/peers User type Authentication Creating local usersTo create a local user web-based manager Go to User Local To view a list of all local users, go to User Local Delete icon Edit iconTo create a local user CLI To remove a user from the FortiGate unit configuration CLI Creating peer usersDelete icon Authenticating peer user To view a list of PKI peer users, go to User PKISubject To create a peer user for PKI authentication CLI Remove PKI peer user Directory Service user groups User groupsFirewall user groups SSL VPN user groups Protection profiles Configuring user groups Select Create New and enter the following informationFirewall Configuring Directory Service user groups To create a firewall user group CLIMembers FortiGuard Web Configuring SSL VPN user groups Available Users/Groups or Available Members Configuring Peer user groups Viewing a list of user groupsTo create a peer group CLI Group Name Config user group delete groupname End User groups Authentication timeout Authentication protocolsEnter the Idle Timeout value seconds Select Apply Telnet Firewall policy authentication Authentication Settings Configuring authentication for a firewall policy Authentication is an Advanced firewall optionTo configure authentication for a firewall policy Go to Firewall Policy Firewall policy order Firewall Policy Move To Configuring authenticated access to the Internet Source InterfaceZone VPN authentication Configuring authentication of SSL VPN usersSelect Enable SSL-VPN and enter information as follows Go to VPN SSL Default RC4128 Server CertificateRequire Client Certificate Encryption Key Algorithm To configure authentication for an SSL VPN CLI Configuring authentication of VPN peers and clients Configuring authentication of Pptp VPN users/user groupsSelect Enable Pptp Select Require Client Certificate, and then select Apply Configuring authentication of L2TP VPN users/user groups Configuring authentication of remote IPSec VPN usersTo configure authentication for a Pptp VPN CLI To configure authentication for an L2TP VPN CLI To configure user group authentication for dialup IPSec CLI Only users with passwords on the FortiGate unitRemote Gateway Configuring XAuth authentication IPSec configuration for dialup users To configure authentication for a dialup IPSec VPN CLI Remote Gateway Authentication MethodXAuth Server Type VPN authentication Index 01-30007-0347-20080731 MS-CHAP VSA