First you need to define the LDAP server configuration.
NOTE: you need to set the CNID (common name identifier) to uid. It is a good idea to use LDAPS rather than plain LDAP; the FortiGate will then use the SSL certificate presented by the JumpCloud LDAP-as-a-Service server instance.
Now we create the group, named JUMPCLOUD, using that server profile.
And here's my simple user, jump01, set as a Super Admin:
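The three GUI steps above (LDAP server profile with CNID set to uid over LDAPS, a group that references it, and a remote admin) have a CLI equivalent. The script below is an added example, not from the original post, that renders that FortiOS CLI so it can be reviewed and then pasted or piped over SSH; the JumpCloud org ID, the bind service account and password, and the name given to the CA certificate when it was imported on the FortiGate are placeholders, and ldap.jumpcloud.com:636 is assumed as the JumpCloud LDAPS endpoint.

```shell
#!/usr/bin/env sh
# Added example, not from the original post: render the FortiOS CLI
# equivalent of the GUI steps (LDAP server profile with CNID=uid over LDAPS,
# a user group that references it, and a remote admin) so the settings can
# be reviewed and then pasted, or piped over SSH, to the FortiGate.
# Assumed placeholders (not from the post): JumpCloud org ID, bind service
# account and its password, and the name the CA certificate was given when
# it was imported on the FortiGate.

ORG_ID="${ORG_ID:-YOUR_JUMPCLOUD_ORG_ID}"      # placeholder
BIND_USER="${BIND_USER:-ldapbind}"             # placeholder service account
BIND_PASSWORD="${BIND_PASSWORD:-CHANGE_ME}"    # placeholder
CA_CERT_NAME="${CA_CERT_NAME:-JumpCloud_CA}"   # placeholder certificate name
ADMIN_USER="${ADMIN_USER:-jump01}"             # the post's admin account

# Print the FortiOS config for: $1 org id, $2 bind user, $3 bind password,
# $4 CA certificate name, $5 admin user name.
render_fortigate_ldap_config() {
  base="ou=Users,o=$1,dc=jumpcloud,dc=com"
  cat <<EOF
config user ldap
    edit "JUMPCLOUD"
        set server "ldap.jumpcloud.com"
        set port 636
        set cnid "uid"
        set dn "$base"
        set type regular
        set username "uid=$2,$base"
        set password "$3"
        set secure ldaps
        set ca-cert "$4"
    next
end
config user group
    edit "JUMPCLOUD"
        set member "JUMPCLOUD"
    next
end
config system admin
    edit "$5"
        set remote-auth enable
        set remote-group "JUMPCLOUD"
        set accprofile "super_admin"
    next
end
EOF
}

# Push the rendered config over SSH; FortiOS accepts CLI lines on stdin.
push_fortigate_ldap_config() {
  render_fortigate_ldap_config "$ORG_ID" "$BIND_USER" "$BIND_PASSWORD" "$CA_CERT_NAME" "$ADMIN_USER" \
    | ssh "$1"
}

# Default action: print the config for review (nothing is sent anywhere).
render_fortigate_ldap_config "$ORG_ID" "$BIND_USER" "$BIND_PASSWORD" "$CA_CERT_NAME" "$ADMIN_USER"
```

After pushing, the post's own check applies: `diag test authserver ldap JUMPCLOUD jump01 <password>`. Note that the group as configured (server profile as its only member, no group filter) matches every JumpCloud user who can bind, so the admin entry for jump01 is what limits who gets the super_admin profile.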
Okay, now you test using the following:
diag test authserver ldap <servernameLDAP> <username> <password>
Or just log in via SSH or the web GUI.
Ensure the FortiGate has a clear network path to the LDAP or LDAPS server (TCP 389/636).
You can use the JumpCloud utility script or ldapsearch to test connectivity, the bind user credentials, and any filters or firewall policies in the path.
e.g. testing LDAPS:
HINT
If you know the attribute you're looking for, or a range of attributes, you can query just those attributes.
e.g. (query for cn, uid and sshKey)
e.g. (query the user's home directory)
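The connectivity test and the attribute-specific queries above, as an added example that is not part of the original post: it checks the LDAPS handshake with openssl (the same certificate validation the FortiGate must pass), assembles and runs ldapsearch against JumpCloud for just the attributes named in the hint, and unfolds the LDIF output so a long SSH key comes back on one line. The org ID and bind user are placeholders; ldap.jumpcloud.com:636 is assumed as the JumpCloud LDAPS endpoint, and sshPublicKey is assumed to be the attribute that holds what the post calls the sshKey.

```shell
#!/usr/bin/env sh
# Added example, not from the original post: exercise the LDAPS path and the
# bind credentials from a host on the same side of the firewall as the
# FortiGate, then pull only the attributes you care about. Uses the OpenSSL
# and OpenLDAP client tools (openssl, ldapsearch). The org ID and bind user
# are placeholders; ldap.jumpcloud.com:636 is assumed as the JumpCloud LDAPS
# endpoint, and sshPublicKey is assumed to be the SSH key attribute (the
# post calls it "sshKey").

LDAP_HOST="${LDAP_HOST:-ldap.jumpcloud.com}"
LDAP_PORT="${LDAP_PORT:-636}"
ORG_ID="${ORG_ID:-YOUR_JUMPCLOUD_ORG_ID}"        # placeholder
BIND_USER="${BIND_USER:-ldapbind}"               # placeholder service account
BASE_DN="ou=Users,o=$ORG_ID,dc=jumpcloud,dc=com"

# Is TCP $2 on $1 reachable and the certificate chain verifiable? A handshake
# failure here is the same failure the FortiGate sees if its CA store lacks
# the issuer. Prints subject, issuer and validity dates on success.
check_ldaps_reachable() {
  openssl s_client -connect "$1:$2" -servername "$1" -verify_return_error </dev/null 2>/dev/null \
    | openssl x509 -noout -subject -issuer -dates
}

# Assemble the ldapsearch command line for a base DN, a filter and an
# attribute list, so it can be reviewed or compared with the FortiGate settings.
build_ldapsearch_cmd() {
  base="$1"; filter="$2"; shift 2
  printf 'ldapsearch -LLL -x -H ldaps://%s:%s -D "uid=%s,%s" -W -b "%s" "%s"' \
    "$LDAP_HOST" "$LDAP_PORT" "$BIND_USER" "$base" "$base" "$filter"
  for attr in "$@"; do printf ' %s' "$attr"; done
  printf '\n'
}

# Bind as the service account and run a search (prompts for the bind password).
ldaps_query() {
  base="$1"; filter="$2"; shift 2
  ldapsearch -LLL -x -H "ldaps://$LDAP_HOST:$LDAP_PORT" \
    -D "uid=$BIND_USER,$base" -W -b "$base" "$filter" "$@"
}

# Extract one attribute's values from LDIF on stdin, unfolding continuation
# lines (a leading space means "append to the previous line"), which long
# SSH keys always produce. Base64 values ("attr:: ...") are not decoded.
ldif_attr() {
  awk -v attr="$1" '
    function flush() {
      if (buf ~ ("^" attr ": ")) print substr(buf, length(attr) + 3)
      buf = ""
    }
    /^ / { buf = buf substr($0, 2); next }
    { flush(); buf = $0 }
    END { flush() }'
}

# Live checks run only when asked for, so the file can also be sourced.
if [ "${RUN_LIVE:-0}" = 1 ]; then
  check_ldaps_reachable "$LDAP_HOST" "$LDAP_PORT"
  # cn, uid and SSH key of one user, key unfolded onto a single line
  ldaps_query "$BASE_DN" "(uid=jump01)" cn uid sshPublicKey | ldif_attr sshPublicKey
  # the POSIX home directory fields of the same user
  ldaps_query "$BASE_DN" "(uid=jump01)" homeDirectory uidNumber gidNumber loginShell
fi
```

Run it with `RUN_LIVE=1 ORG_ID=<your org id> BIND_USER=<bind user> sh ldaps-check.sh` (filename chosen here); `build_ldapsearch_cmd "$BASE_DN" "(uid=jump01)" cn uid sshPublicKey` prints the exact command to paste elsewhere. Restricting the attribute list, as the hint suggests, also keeps the bind account's reads narrow and the output small enough to diff between runs.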
Ken Felix
NSE ( network security expert) and Route/Switching Engineer
kfelix -----a----t---- socpuppets ---dot---com
^ ^
=( @ @ )=
o
/ \