Fortinet 3.0 MR7 Network Card User Manual


 
System Config
FortiAnalyzer Version 3.0 MR7 Administration Guide
05-30007-0082-20080908 69
Figure 34: LDAP settings
To define an LDAP server query
1 Go to System > Config > LDAP.
2 Select Create New. Complete the following:
Name
  Enter the name for the LDAP server query.

Server Name/IP
  Enter the LDAP server domain name or IP address.

Server Port
  Enter the port number. By default, the port is 389.

Server Type
  Select whether to use anonymous or authenticated (regular) queries.
  If selecting Anonymous, your LDAP server must be configured to allow unauthenticated anonymous queries.
  If selecting Regular, you must also enter the Bind DN and Bind Password.

Bind DN
  Enter an LDAP user name in DN format to authenticate as a specific LDAP user, and bind the query to a DN.
  This option appears only when the Server Type is Regular.

Bind Password
  Enter the LDAP user’s password.
  This option appears only when the Server Type is Regular.

Common Name Identifier
  Enter the attribute identifier used in the LDAP query filter. By default, the identifier is cn.
  For example, if the Base DN contains several objects, and you want to include only objects whose cn=Admins, enter the Common Name Identifier cn and enter the Group(s) value Admins when configuring report profiles. For more information, see “Configuring reports” on page 113.
  Report scopes using this query require Common Name Identifier. If this option is blank, the LDAP query for reports will fail.

Base DN
  Enter the Distinguished Name of the location in the LDAP directory which will be searched during the query.
  To improve query speed, enter a more specific DN to constrain your search to the relevant subset of the LDAP tree.
  For example, instead of entering dc=example,dc=com you might enter the more specific DN ou=Finance,dc=example,dc=com. This restricts the query to the “Finance” organizational unit within the tree.
  Report scopes using this query require Base DN. If this option is blank, the LDAP query for reports will fail.

LDAP Distinguished Name Query
  Select to test the query.
  Entries in the Base DN appear; if the query results contain multiple levels, entries appear under their parent object.
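
The following is an added example, not FortiAnalyzer code: a sketch of how the Common Name Identifier, a Group(s) value and the Base DN described above combine into a search request, with the required-field rules checked first. It assumes the filter takes the form (identifier=group), as the cn=Admins example suggests; the class, function and host names are hypothetical.

```python
# Added illustration; not FortiAnalyzer code. Field names mirror the settings above.
from dataclasses import dataclass

# RFC 4515 escapes for characters that are special inside a filter value.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}


def escape_filter_value(value: str) -> str:
    """Escape a value so it cannot alter the structure of the search filter."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


@dataclass
class LdapQuery:
    server: str
    base_dn: str
    cn_identifier: str = "cn"        # default per the guide
    port: int = 389                  # default per the guide
    server_type: str = "Anonymous"   # or "Regular"
    bind_dn: str = ""
    bind_password: str = ""

    def problems(self) -> list:
        """Return the reasons this query would be incomplete or fail for reports."""
        found = []
        if self.server_type not in ("Anonymous", "Regular"):
            found.append("Server Type must be Anonymous or Regular")
        if self.server_type == "Regular" and not (self.bind_dn and self.bind_password):
            found.append("Regular requires Bind DN and Bind Password")
        if not self.cn_identifier:
            found.append("Common Name Identifier is blank: report query will fail")
        if not self.base_dn:
            found.append("Base DN is blank: report query will fail")
        return found

    def search_request(self, group: str) -> dict:
        """Build the search base and filter for one Group(s) value."""
        if self.problems():
            raise ValueError("; ".join(self.problems()))
        flt = "({}={})".format(self.cn_identifier, escape_filter_value(group))
        return {"base": self.base_dn, "filter": flt}


# Constructed sample values, using the example DN from the text above.
finance = LdapQuery(server="ldap.example.com", base_dn="ou=Finance,dc=example,dc=com")
print(finance.search_request("Admins"))
print(finance.search_request("Admins (EMEA)"))
```

A group name containing parentheses, such as the constructed "Admins (EMEA)", is escaped so that it is matched literally instead of changing the filter's structure.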