FortiAuthenticator
FortiAuthenticator provides access management and single sign on.
lmarinovic
Staff
Article Id 190650
Description
This article describes how to configure LDAP services on the FortiAuthenticator and shows how to integrate with a FortiGate.

This includes the FortiAuthenticator as well as the FortiGate configuration.

Scope



Solution
Diagram

Internet----FortiGate----FortiAuthenticator (LAN)

FortiAuthenticator.

1) Enable LDAP services on the interface connected to the FortiGate.

Go to Network -> Interfaces -> Access Rights -> Services and enable the check box for LDAP.



2) Create Groups.

- LDAP administrator group.
Authentication -> User Management -> User Groups and Create New ‘ldap_admins’

- Create the user group.
Authentication -> User Management -> User Groups and Create New ‘testgrp’

3) Create users and add them to the respective groups created earlier.

ldapadmin -> to the group ldap_admins
test1 -> to the group testgrp

4) Add rights to the 'ldapadmin' user for LDAP browsing.





5) Configure the directory tree as shown below. Ensure that the LDAP administrator is part of the LDAP tree. The LDAP admin and the users MUST be contained as objects below the "Distinguished name" (= baseDN) configured on the FortiGate. If the admin or a user is outside the baseDN being searched, the object won't be found.




FortiGate.

1) Configure LDAP services.


2) Test authentication from the CLI with the following command syntax:


FGT # diagnose test authserver ldap <name of LDAP server configuration> <username> <password>

Example:
FGT # diagnose test authserver ldap lab test1 Fortinet123
authenticate 'test1' against 'lab' succeeded!

3)  FortiAuthenticator event logs.


4)  Create User Group.

Go to User & Device -> User -> User Groups and enter a 'Name'. Under 'Remote groups', select 'Create New', select the remote server created, and select the required user group name.


5) The user group created on the firewall in the previous step can now be selected in the appropriate firewall authentication policy.
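
FortiGate steps 1 and 4 expressed as FortiOS CLI, as an added example that is not part of the original article. Only the names lab, ldapadmin, test1 and testgrp come from the article; the server address, the firewall group name fac_testgrp, the uid naming attribute and every DN (a tree of ou=users and ou=groups under dc=example,dc=com) are assumptions to be replaced with the values from the directory tree built on the FortiAuthenticator.

```fortios
# Added example, not from the original article.
# 192.0.2.10, fac_testgrp and all DNs below are constructed placeholders.
# cnid "uid" assumes user entries are named by the uid attribute.
# "set dn" is the baseDN: the bind account (ldapadmin) and every user
# (test1) must sit below it. If dn were narrowed to
# "ou=groups,dc=example,dc=com", both uid=ldapadmin and uid=test1 would
# fall outside the search base and would not be found.
config user ldap
    edit "lab"
        set server "192.0.2.10"
        set cnid "uid"
        set dn "dc=example,dc=com"
        set type regular
        set username "uid=ldapadmin,ou=users,dc=example,dc=com"
        set password <ldapadmin password>
    next
end

# Firewall user group that matches the remote group testgrp on server "lab".
config user group
    edit "fac_testgrp"
        set member "lab"
        config match
            edit 1
                set server-name "lab"
                set group-name "cn=testgrp,ou=groups,dc=example,dc=com"
            next
        end
    next
end
```

The server entry name "lab" is the same name passed to diagnose test authserver ldap in step 2.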
