All FortiOS
Setting On FortiGate:
1. Go to User > Remote > LDAP and click Create New.
2. Fill in Name and Server Name/IP, set Bind Type to Regular, and fill in User DN and Password. Keep the other settings at their defaults.
Note: the User DN must be a member of Domain Admins.
3. Click "Query Distinguished Name". You should be able to see the LDAP directory.
If you see the message "Query failed", or only one line of DN with 0 Entries appears, go to "Verify settings on Windows Server" below.
Verify settings on Windows Server
1. Verify that the User DN is a member of Domain Admins.
2. Verify the LDAPServerIntegrity registry value.
· Click the Start button and select Run...
Note:
This value determines how the LDAP server handles LDAP bind requests, as follows:
· 1 (default) or not defined: the AD LDAP agent always supports an LDAP client's request for LDAP traffic signing when handling an LDAP bind request that specifies a SASL authentication mechanism.
· 2: the AD LDAP agent only accepts SASL in an LDAP bind request unless the incoming request is already protected with TLS/SSL. It rejects the bind request if other types of authentication are used. If the bind request does not come in via TLS/SSL, it requires the LDAP traffic signing option in the client security context.
3. Verify LDAP server signing requirements.
· Click Start, click Run, type mmc.exe, and then click OK.
· On the File menu, click Add/Remove Snap-in.
· In the Add or Remove Snap-ins dialog box, click Group Policy Management Editor, then click Add.
· In the Select Group Policy Object dialog box, click Browse.
· In the Browse for a Group Policy Object dialog box, click Default Domain Policy under the Domains, OUs and linked Group Policy Objects area, and then click OK.
· Click Finish.
· Click OK.
· Expand Default Domain Controller Policy, expand Computer Configuration, expand Policies, expand Windows Settings, expand Security Settings, expand Local Policies, and then click Security Options.
· Right-click Domain controller: LDAP server signing requirements, and then click Properties.
· In the Domain controller: LDAP server signing requirements Properties dialog box, your server may already have the "Require signing" option enabled. Select "None" in the Define this policy setting drop-down list, and then click OK.
· Click Yes in the Confirm Setting Change dialog box.
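The following PowerShell script is an added example, not part of the original article, for checking step 2 and step 3 from an elevated session on the domain controller: it reads the current LDAPServerIntegrity value and reports whether a FortiGate Regular (simple) bind over plain LDAP would be rejected. The registry path is assumed from Microsoft's documentation of this setting; it is not given in the article.

```powershell
# Added example (not from the article). Run in an elevated PowerShell session on the DC.
# Registry location of the "LDAP server signing requirements" setting: assumed from
# Microsoft documentation, not taken from the article above.
$key  = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters'
$name = 'LDAPServerIntegrity'

function Get-LdapSigningRequirement {
    if (-not (Test-Path $key)) {
        throw "NTDS parameters key not found; run this on a domain controller."
    }
    $item = Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue
    # Per the note above, a missing value behaves like 1 (the default).
    if ($null -eq $item) { return 1 }
    return [int]$item.$name
}

function Describe-LdapSigningRequirement ([int]$value) {
    switch ($value) {
        1 { 'None (default): signing is negotiated if the client asks; an unsigned simple bind is accepted.' }
        2 { 'Require signing: unsigned binds on plain LDAP are rejected; binds protected by TLS/SSL are still accepted.' }
        default { "Unexpected value $value; check the policy manually." }
    }
}

$current = Get-LdapSigningRequirement
Write-Output ("{0} = {1}" -f $name, $current)
Write-Output (Describe-LdapSigningRequirement $current)

if ($current -eq 2) {
    Write-Output 'A FortiGate LDAP server object using Regular bind over plain LDAP will fail "Query Distinguished Name".'
    Write-Output 'Either protect the FortiGate-to-DC connection with TLS/SSL, or relax the policy as in step 3 above.'
}
```

If the value is managed by the Default Domain Controller Policy, the registry reflects the GPO only after a policy refresh (gpupdate), so re-run the script after changing the policy.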
Copyright 2024 Fortinet, Inc. All Rights Reserved.