Thursday, March 9, 2017

JumpCloud LDAP with a FortiGate for remote-user authentication

In this series of JumpCloud configurations, here's a basic configuration for JumpCloud LDAP-as-a-Service.



First, you need to define the LDAP server configuration.

NOTE: you need to set the cnid (common name identifier) value to uid. It's a good idea to use LDAPS rather than plain LDAP. The FortiGate will use the SSL certificate presented by the JumpCloud LDAP-aaS server instance.

Now we set up the user group named JUMPCLOUD with that LDAP server profile.




And here's my simple user, jump01, set as a Super Admin:





Okay, now you test using the following:


diag test authserver ldap <servernameLDAP> <username> <password>


Or just log in via SSH or the web GUI.






Ensure the FortiGate has a clear communication path to the LDAP server for LDAP or LDAPS (TCP 389/636).




You can use the JumpCloud utility script or ldapsearch to test connectivity, the bind user credentials, and any filter or firewall policies in the path.


e.g. (testing LDAPS)




HINT





If you know the attribute you're looking for, or a range of attributes, you can query just those attributes.

e.g. (query for cn, uid and sshKey)


e.g. (query the user's home directory)
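To show what the connectivity/bind test and the attribute-only query above actually put on the wire, here is an added example in Python using only the standard library. It is not code from this post, from JumpCloud or from Fortinet: it performs the same two LDAPv3 operations a FortiGate performs for a remote user (a simple bind with the user's DN and password over LDAPS, then a search filtered on uid that asks for only the listed attributes), which also illustrates why cnid must be uid. The host ldap.jumpcloud.com on port 636 and the DN layout uid=<user>,ou=Users,o=<ORG_ID>,dc=jumpcloud,dc=com are assumptions; replace ORG_ID with your own organization id.

```python
"""Minimal LDAPv3 simple bind + attribute search over LDAPS, stdlib only.
Added example, not code from the original post, JumpCloud or Fortinet.
Assumed: ldap.jumpcloud.com:636 and the DN layout
uid=<user>,ou=Users,o=<ORG_ID>,dc=jumpcloud,dc=com."""
import socket
import ssl

JC_HOST, JC_PORT = "ldap.jumpcloud.com", 636      # assumed LDAP-aaS endpoint

def ber_len(n):                                   # BER definite length
    if n < 0x80:
        return bytes([n])                         # short form
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body       # long form
def tlv(tag, value):
    return bytes([tag]) + ber_len(len(value)) + value
def ber_int(v):                                   # INTEGER, non-negative
    return tlv(0x02, v.to_bytes(max(1, (v.bit_length() + 8) // 8), "big"))
def ber_str(s):                                   # OCTET STRING (LDAPDN/LDAPString)
    return tlv(0x04, s.encode())
def ber_seq(*parts):
    return tlv(0x30, b"".join(parts))

def bind_request(msg_id, dn, password):
    """LDAPMessage{messageID, BindRequest [APPLICATION 0]} with simple auth."""
    op = tlv(0x60, ber_int(3) + ber_str(dn) + tlv(0x80, password.encode()))
    return ber_seq(ber_int(msg_id), op)

def search_request(msg_id, base_dn, attr, value, attributes):
    """SearchRequest [APPLICATION 3]: subtree scope, filter (attr=value),
    returning only the listed attributes, e.g. cn, uid and sshKey."""
    flt = tlv(0xA3, ber_str(attr) + ber_str(value))          # equalityMatch [3]
    op = tlv(0x63, ber_str(base_dn) + tlv(0x0A, b"\x02")      # scope wholeSubtree
             + tlv(0x0A, b"\x00") + ber_int(0) + ber_int(0)    # neverDeref, no limits
             + tlv(0x01, b"\x00") + flt                        # typesOnly FALSE
             + ber_seq(*[ber_str(a) for a in attributes]))
    return ber_seq(ber_int(msg_id), op)

def read_tlv(buf, pos=0):
    """Return (tag, value, end) for the TLV at pos, handling long-form lengths."""
    tag, ln, pos = buf[pos], buf[pos + 1], pos + 2
    if ln & 0x80:
        k = ln & 0x7F
        ln, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    return tag, buf[pos:pos + ln], pos + ln

def decode_result(msg):
    """BindResponse (0x61) or SearchResultDone (0x65) -> (msgid, code, diag)."""
    _, body, _ = read_tlv(msg)
    _, mid, p = read_tlv(body)
    tag, op, _ = read_tlv(body, p)
    if tag not in (0x61, 0x65):
        raise ValueError(f"unexpected protocolOp tag 0x{tag:02x}")
    _, code, p = read_tlv(op)                     # resultCode: 0 ok, 49 invalidCredentials
    _, _, p = read_tlv(op, p)                     # matchedDN (ignored)
    _, diag, _ = read_tlv(op, p)                  # diagnosticMessage
    return int.from_bytes(mid, "big"), code[0], diag.decode(errors="replace")

def decode_entry(op):
    """SearchResultEntry (0x64) -> {"dn": ..., <attr>: [values...]}."""
    _, dn, p = read_tlv(op)
    _, attrs, _ = read_tlv(op, p)
    entry, p = {"dn": dn.decode()}, 0
    while p < len(attrs):                         # PartialAttributeList
        _, pair, p = read_tlv(attrs, p)
        _, typ, q = read_tlv(pair)
        _, vals, _ = read_tlv(pair, q)            # SET OF OCTET STRING
        values, q = [], 0
        while q < len(vals):
            _, v, q = read_tlv(vals, q)
            values.append(v.decode(errors="replace"))
        entry[typ.decode()] = values
    return entry

def ldaps_check(org_id, user, password, attrs=("cn", "uid", "sshKey")):
    """Bind as the user (proves the credentials and the path to tcp/636), then
    fetch only `attrs`.  Returns (bind_result_code, diagnostic, entries)."""
    base = f"ou=Users,o={org_id},dc=jumpcloud,dc=com"   # assumed JumpCloud layout
    ctx = ssl.create_default_context()                  # verifies the server cert
    with socket.create_connection((JC_HOST, JC_PORT), timeout=10) as raw, \
            ctx.wrap_socket(raw, server_hostname=JC_HOST) as s:
        s.sendall(bind_request(1, f"uid={user},{base}", password))
        _, code, diag = decode_result(s.recv(4096))
        if code != 0:
            return code, diag, []
        s.sendall(search_request(2, base, "uid", user, list(attrs)))
        buf, entries = b"", []
        while True:
            chunk = s.recv(65536)
            if not chunk:
                raise ConnectionError("closed before SearchResultDone")
            buf += chunk
            while len(buf) >= 2 and read_tlv(buf)[2] <= len(buf):   # whole message
                _, body, end = read_tlv(buf)
                tag, op, _ = read_tlv(body, read_tlv(body)[2])      # skip messageID
                buf = buf[end:]
                if tag == 0x64:
                    entries.append(decode_entry(op))
                elif tag == 0x65:
                    return 0, diag, entries
```

Usage: `ldaps_check("ORG_ID", "jump01", "<password>")` returns `(0, "", [entry])` on success, or `(49, "Invalid Credentials", [])` for a wrong password, where 49 is the LDAP invalidCredentials result code. Because it binds as the user itself rather than with a service account, a non-zero bind result isolates a credential problem from a path problem (a TCP/636 or TLS failure raises before any LDAP message is exchanged). Pass `attrs=("homeDirectory",)` to reproduce the home-directory query; the `ssl.create_default_context()` call verifies the server certificate, matching the LDAPS recommendation above.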





Ken Felix
NSE ( network security expert) and Route/Switching Engineer
kfelix  -----a----t---- socpuppets ---dot---com
     ^      ^
=(  @  @ )=
         o 

        /  \
