FortiGate
fquerzo_FTNT
Staff
Article Id 190024
Description
In some environments, LDAP group memberships are stored in a custom LDAP attribute on the user object rather than in the default memberOf attribute.
This article describes how to configure the FortiGate for such cases, and how to create a user group based on that attribute and apply it in a firewall policy via the CLI.


Solution
In the examples below, the LDAP user attribute <custom_attribute> holds the group value <ldap_group_name>.

Setting up the LDAP server configuration (the group check reads the user's own attribute instead of memberOf):

# config user ldap
    edit <ldap_name>
        set group-member-check user-attr
        set member-attr <custom_attribute>
    next
end

Creating a user group that matches users whose <custom_attribute> contains <ldap_group_name>:

# config user group
    edit <group_name>
        set member <ldap_name>
        config match
            edit 1
                set server-name <ldap_name>
                set group-name <ldap_group_name>
            next
        end
    next
end

Applying the group in the IPv4 firewall policy:

# config firewall policy
    edit <policy_ID>
        set groups <group_name>
    next
end
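Before committing the configuration above, it helps to confirm what the directory actually returns for the attribute, because a group match that fails on the FortiGate is usually a data problem (attribute absent, value spelled differently, hidden whitespace) rather than a CLI problem. The following script is an added example and not FortiOS or Fortinet code: it parses constructed LDIF text of the shape `ldapsearch -LLL` prints, then evaluates the same condition the `group-member-check user-attr` / `member-attr` / `group-name` settings express, i.e. "does the user's own attribute contain the configured group value". The attribute name `x-fwGroup`, the group value `vpn-users`, the user entries and the exact-string comparison are all assumptions made for illustration.

```python
import base64

# Constructed sample of what `ldapsearch -LLL` prints for three users; not data
# from any real directory. `x-fwGroup` stands in for the article's
# <custom_attribute>, "vpn-users" for <ldap_group_name>.
# Bob's value carries a trailing space, which LDIF renders as base64 (`::`);
# that is a common reason a group match silently fails.
_BOB_B64 = base64.b64encode(b"vpn-users ").decode()
SAMPLE_LDIF = (
    "dn: uid=alice,ou=people,dc=example,dc=com\n"
    "uid: alice\n"
    "cn: Alice Example\n"
    "x-fwGroup: vpn-users\n"
    "x-fwGroup: admins\n"
    "\n"
    "dn: uid=bob,ou=people,dc=example,dc=com\n"
    "uid: bob\n"
    "cn: Bob Example\n"
    f"x-fwGroup:: {_BOB_B64}\n"
    "\n"
    "dn: uid=carol,ou=people,dc=example,dc=com\n"
    "uid: carol\n"
    "cn: Carol Example\n"
    "memberOf: cn=vpn-users,ou=groups,dc=example,dc=com\n"
)


def parse_ldif(text):
    """Parse LDIF text into a list of entries {attr_name_lowercase: [values]}.

    Handles folded lines (leading space), base64 values (`attr:: ...`) and
    comment lines. Sufficient for ldapsearch output; not a full RFC 2849 parser.
    """
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]          # unfold a continuation line
        else:
            lines.append(raw)
    entries, current = [], {}
    for line in lines:
        if not line.strip():              # a blank line separates entries
            if current:
                entries.append(current)
                current = {}
            continue
        if line.startswith("#"):
            continue
        name, _, value = line.partition(":")
        if value.startswith(":"):         # `attr:: <base64>`
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        else:
            value = value.strip()
        current.setdefault(name.strip().lower(), []).append(value)
    if current:
        entries.append(current)
    return entries


def check_group(entries, uid, member_attr, group_name):
    """Would the FortiGate user-attr match succeed for this user?

    Mirrors `set group-member-check user-attr` + `set member-attr <attr>`:
    the user's own attribute must contain the configured group-name.
    Exact string comparison is an assumption of this example.
    """
    entry = next((e for e in entries if uid in e.get("uid", [])), None)
    if entry is None:
        return {"user_found": False, "attr_present": False, "matched": False, "values": []}
    values = entry.get(member_attr.lower(), [])
    return {"user_found": True, "attr_present": bool(values),
            "matched": group_name in values, "values": values}


def diagnose(result, member_attr, group_name):
    """Turn a check_group() result into the reason a practitioner wants to see."""
    if not result["user_found"]:
        return "user not returned by the search; check the LDAP dn and cnid settings"
    if not result["attr_present"]:
        return (f"attribute {member_attr} absent on the user; if the group lives in "
                "memberOf instead, the default member-attr applies")
    if result["matched"]:
        return "match: user would be placed in the FortiGate group"
    near = [v for v in result["values"] if v.strip().lower() == group_name.lower()]
    if near:
        return f"no exact match, but {near!r} differs only in whitespace or case"
    return f"no match: {member_attr} holds {result['values']!r}, not {group_name!r}"


if __name__ == "__main__":
    entries = parse_ldif(SAMPLE_LDIF)
    for user in ("alice", "bob", "carol", "dave"):
        r = check_group(entries, user, "x-fwGroup", "vpn-users")
        print(f"{user:6s} -> {diagnose(r, 'x-fwGroup', 'vpn-users')}")
```

To use it against a real directory, replace `SAMPLE_LDIF` with the output of an `ldapsearch` run as the FortiGate's bind account, so the attribute visibility matches what the firewall will see; the `diagnose()` text for Bob shows why base64-encoded LDIF values deserve a second look.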

Related Articles

Technical Tip : How to configure LDAP server and restrict access to certain groups in FortiOS 4.0MR2...
