ckarwei
Staff
Article Id 191579

Description
This article describes how to create an LDAP-authenticated system administrator in FortiManager and FortiAnalyzer.

Solution
To configure FortiManager / FortiAnalyzer for LDAP authentication from the GUI:

1) Go to System Settings -> Admin -> Remote Authentication Server, select 'Create New' and select 'LDAP Server'.
2) Enter a Name for the LDAP server.
3) In Server Name/IP, enter the Server Name or IP address.
4) Enter the Port number used for LDAP communication (389 by default).
5) Enter the Common Name Identifier (cn by default).
6) Enter the Distinguished Name. Selecting the query distinguished name icon queries the LDAP server for the name and opens the LDAP Distinguished Name query window to display the results (select query after entering the User DN and Password in steps 8) and 9)).
7) In 'Bind Type', select 'Regular'.
8) In User DN, enter the LDAP administrator's name with the domain (e.g. mydomain\admin).
9) Enter the LDAP administrator's password.
10) Select 'OK'.


11) Go to System Settings -> Admin -> Administrators and select 'Create New'.
12) Enter the user name (it must match the domain username if 'Match all users on remote server' is not checked).
13) In 'Admin Type', select 'LDAP'.
14) In LDAP server, choose the remote authentication server created earlier.
15) Check 'Match all users on remote server' to match a user group on the AD server.
16) Leave the password field empty.
17) Select the 'Admin Profile' and 'Administrative Domain' accordingly.
18) Select 'OK'.
 
19) Log in now with the AD username and password.
 
If you want the admin profile to be assigned from an LDAP attribute, use the CLI commands below:
 
# config system admin ldap
    edit "myLDAP"
        set profile-attr "description"
    next
end
You also need to configure the wildcard admin user to accept the profile provided by the LDAP server:
# config system admin user
    edit "myLDAPuser"
        set ext-auth-accprofile-override enable
    next
end
Then edit the advanced attributes of the user (or user group) on the LDAP server and, in the description field, enter the name of the admin profile to associate with that user or group.
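To make the login flow described above concrete, here is an added example (not Fortinet's code) that simulates how the settings from the GUI steps and the two CLI blocks combine at login time: the cnid/DN lookup, the password bind, and the profile-attr / ext-auth-accprofile-override decision. The directory, passwords and profile names are constructed sample data; the fallback behaviour for a missing or unknown attribute value is an assumption, marked in the code.

```python
from dataclasses import dataclass

# Constructed sample directory keyed by DN (stand-in for the real LDAP server).
DIRECTORY = {
    "cn=admin,dc=mydomain,dc=local": {"userPassword": "S3rv1ce!"},
    "cn=alice,dc=mydomain,dc=local": {"userPassword": "alice-pw", "description": "Super_User"},
    "cn=bob,dc=mydomain,dc=local":   {"userPassword": "bob-pw", "description": "Standard_User"},
    "cn=carol,dc=mydomain,dc=local": {"userPassword": "carol-pw"},  # no profile attribute
    "cn=dave,dc=mydomain,dc=local":  {"userPassword": "dave-pw", "description": "NoSuchProfile"},
}
# Admin profiles that exist locally on the FortiManager/FortiAnalyzer (constructed).
ADMIN_PROFILES = {"Super_User", "Standard_User", "Restricted_User"}


@dataclass
class LdapServer:  # mirrors 'config system admin ldap'
    dn: str
    cnid: str = "cn"
    profile_attr: str = "description"


@dataclass
class AdminUser:  # mirrors 'config system admin user'
    profile: str                        # locally selected Admin Profile
    wildcard: bool = True               # 'Match all users on remote server'
    accprofile_override: bool = False   # ext-auth-accprofile-override
    username: str = ""                  # only relevant when wildcard is False


def resolve_login(server, user, username, password):
    """Return (success, reason, effective_profile) for one login attempt."""
    if not user.wildcard and user.username != username:
        return False, "no matching admin account", None
    # Look up <cnid>=<username> under the configured base DN.
    # Simplification: direct child only; a real server searches the subtree.
    entry = DIRECTORY.get(f"{server.cnid}={username},{server.dn}")
    if entry is None:
        return False, "user not found under DN", None
    if entry.get("userPassword") != password:
        return False, "bind failed", None
    profile = user.profile
    if user.accprofile_override:
        remote = entry.get(server.profile_attr)
        if remote in ADMIN_PROFILES:
            profile = remote
        # ASSUMPTION: a missing or unknown attribute value keeps the local profile.
    return True, "ok", profile
```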
