#config user ldapThe default search results show only groups that have the user as member, and no groups that have groups as members:
edit "ldap-ad"
set server "10.1.100.131"
set cnid "cn"
set dn "dc=fortinet-fsso,dc=com"
set type regular
set username "cn=Administrator,cn=users,dc=fortinet-fsso,dc=com"
set password XXXXXXXXXXXXXXXXXXXXXXXX
next
end
#diagnose test authserver ldap ldap-ad nuser nuserEnable recursive search to include nested groups in the results:
authenticate 'nuser' against 'ldap-ad' succeeded!
Group membership(s) - CN=nested3,OU=Testing,DC=Fortinet-FSSO,DC=COM
CN=Domain Users,CN=Users,DC=Fortinet-FSSO,DC=COM
#config user ldapThe search results include groups that have other groups as members:
edit "ldap-ad"
set server "10.1.100.131"
set cnid "cn"
set dn "dc=fortinet-fsso,dc=com"
set type regular
set username "cn=Administrator,cn=users,dc=fortinet-fsso,dc=com"
set password XXXXXXXXXXXXXXXXXXXXXXXX
set search-type recursive
next
end
#diagnose test authserver ldap ldap-ad nuser nuserThe group nested3 is a member of the group nested2, which is itself a member of the group nested1.
authenticate 'nuser' against 'ldap-ad' succeeded!
Group membership(s) - CN=nested3,OU=Testing,DC=Fortinet-FSSO,DC=COM
CN=Domain Users,CN=Users,DC=Fortinet-FSSO,DC=COM
CN=nested2,OU=Testing,DC=Fortinet-FSSO,DC=COM
CN=nested1,OU=Testing,DC=Fortinet-FSSO,DC=COM
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.