Hi,
I would like to integrate FortiMail with LDAP. I would like a certain LDAP group to have access to the FortiMail and view the configuration.
Has anyone done this before?
I have succeeded with this easily on FortiGate, FortiAnalyzer and FortiWeb. But I find it confusing on FortiMail.
1984
-1984-
Users == administrators?
PCNSE
NSE
StrongSwan
The below thread goes through the correct LDAP profile you'll need to configure on the FortiMail to use it for admin logins:
https://forum.fortinet.com/tm.aspx?m=147292#147568
I still would like to see the actual FortiMail side of the cfg & version, for the actual user. The OP has a requirement for viewing the cfg for just that user, so it still needs a role for the profile.
Here's what we did with LDAPaaS; I put together a blog just recently for JumpCloud. It was not with a "remote-group" account, btw.
http://socpuppet.blogspot.com/2017/03/jumpcloud-ldap-aas-with-fortimail.html
PCNSE
NSE
StrongSwan
Well, forum alerts were tied to my old company email and I thought this is not a very helpful forum. :)
I recently discovered that.
Anyway, I succeeded with the integration:
config profile ldap
    edit LDAP
        set server 1.1.1.1
        set base-dn DC=example,DC=co,DC=uk
        set bind-dn "CN=Admin,OU=Service Accounts,OU=IT-Admin,DC=example,DC=co,DC=uk"
        set bind-password THISISTHEPASSFORADMINACCOUNTTHATCANBROWSETHELDAP
        set query "(&(objectCategory=person)(objectClass=user)(sAMAccountName=$u)(memberOf=CN=FortiMail Admin,OU=Admin Group,DC=example,DC=co,DC=uk))"
    next
end
And then you just enable the remote_wildcard user, tie it with Auth type LDAP and the LDAP profile.
Hope it helps :)
-1984-
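An added example, not part of the thread and not Fortinet code: a small offline evaluator that applies the query from the profile above to constructed directory entries, to show who the `memberOf` clause admits. The `OU=Staff` users, the nested `Helpdesk` group, the simplified attribute values and the escaping of the login name before it replaces `$u` are assumptions made for the illustration.

```python
import re

# Group DN and query template as posted in the LDAP profile; $u is the login name.
GROUP = "CN=FortiMail Admin,OU=Admin Group,DC=example,DC=co,DC=uk"
TEMPLATE = ("(&(objectCategory=person)(objectClass=user)"
            "(sAMAccountName=$u)(memberOf=" + GROUP + "))")

def _user(name, groups):
    # Constructed sample entry; real AD stores objectCategory as a DN.
    return {"dn": ["CN=%s,OU=Staff,DC=example,DC=co,DC=uk" % name],
            "objectcategory": ["person"], "objectclass": ["top", "person", "user"],
            "samaccountname": [name], "memberof": groups}

DIRECTORY = [
    _user("alice", [GROUP]),   # direct member of the admin group
    _user("bob", []),          # valid account, no admin group
    # Hypothetical: Helpdesk is itself a member of GROUP (nested membership).
    _user("carol", ["CN=Helpdesk,OU=Admin Group,DC=example,DC=co,DC=uk"]),
]

def escape(value):
    """RFC 4515 escaping so a login name cannot change the filter structure."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\0" else c for c in value)

def parse(f, i=0):
    """Parse the subset used here: (&...), (|...), (!...) and (attr=value)."""
    if f[i + 1] in "&|!":
        op, i, kids = f[i + 1], i + 2, []
        while f[i] == "(":
            kid, i = parse(f, i)
            kids.append(kid)
        return (op, kids), i + 1
    j = f.index(")", i)
    attr, val = f[i + 1:j].split("=", 1)
    val = re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), val)
    return ("=", attr.lower(), val.lower()), j + 1

def match(node, entry):
    if node[0] == "=":
        return node[2] in [v.lower() for v in entry.get(node[1], [])]
    results = [match(kid, entry) for kid in node[1]]
    return {"&": all, "|": any, "!": lambda r: not r[0]}[node[0]](results)

def admin_login_allowed(username, directory=DIRECTORY):
    """Return the DNs the query would match for this login name."""
    tree, _ = parse(TEMPLATE.replace("$u", escape(username)))
    return [e["dn"][0] for e in directory if match(tree, e)]
```

Active Directory's `memberOf` attribute lists direct group memberships only, so an account that reaches the admin group through a nested group does not match this query; AD provides the `LDAP_MATCHING_RULE_IN_CHAIN` matching rule (OID 1.2.840.113556.1.4.1941) for transitive membership.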