FortiGate VDOM integration with LDAP


A FortiGate Virtual Domain (VDOM) is a virtualisation feature that splits one physical FortiGate into several virtual firewalls. Each VDOM has its own firewall policies, routing, unified threat management (UTM), virtual private networking (VPN) and next-generation firewall services, and traffic entering or leaving one VDOM is kept completely separate from the traffic of every other VDOM.

This post shows how to integrate a FortiGate running in VDOM mode with an LDAP directory (Active Directory in this example) so that administrators log in with their directory accounts.

1. Enable Virtual Domain (VDOM) mode on the FortiGate.


2. In Global configuration mode go to VDOM > VDOM > Create New and create an additional VDOM called test. The FortiGate creates the root VDOM automatically; it is the management VDOM by default.


3. Assign interfaces (ports) to the VDOMs.

4. Go to root VDOM > User and Device > Authentication > LDAP Servers > Create New and define the LDAP server.

Name: Any descriptive name
Server Name/IP: Hostname or IP address of the LDAP server (use the hostname that appears in the server's certificate if you switch to LDAPS)
Server Port: 389
Common Name Identifier: sAMAccountName
Distinguished Name: DC=test,DC=local
Bind Type: Regular
User DN: [email protected] (the bind account; Active Directory accepts a UPN such as user@domain here, otherwise use the account's full DN)
Password: password of the bind account

Port 389 is plain LDAP, so the bind account's password, and the password of every administrator the FortiGate checks against the directory, crosses the network in cleartext. Outside a lab, set Secure Connection to LDAPS (port 636) and select the CA certificate that issued the domain controller's certificate, so the FortiGate actually validates the server it talks to. The Regular bind account is only used to search the directory and its password is stored in the FortiGate configuration, so use a dedicated account with read-only rights and nothing else.

5. Go to root VDOM > User and Device > User Groups > Create New and create a user group that maps to the directory group.


Name: Any descriptive name
Type: Firewall
Members: Leave blank
Remote Groups: Add the LDAP server created in step 4
Group Name: The full DN of the LDAP group whose members should be allowed (for example CN=...,OU=...,DC=test,DC=local); with no group name, every user the server can authenticate becomes a member

6. Go to Global > Admin > Administrators > Create New.

Administrator: Any descriptive name
Type: Remote (match a user on a remote server group)
Wildcard: Yes (any member of the remote group logs in with their own directory username, so the account is not tied to one name)
User Group: Select the user group created in step 5
Administrator Profile: choose the least-privileged profile that fits; with Wildcard enabled, every member of the mapped LDAP group receives this profile, so keep that directory group small and audited

There is a GUI bug at this point: the administrator page does not list the user groups that were created inside the VDOM. The workaround is to set the remote group from the CLI (the administrator is a global object, so it is edited under config global):

config global
  config system admin
    edit username
      set remote-auth enable
      set remote-group usergroup
      set wildcard enable
    next
  end
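Steps 4 to 6 as one FortiOS CLI configuration, an added example that is not taken from the original post. The object names (ldap-test, ldap-admins, ldap-admin), the hostname dc01.test.local, the service-account and group DNs and the CA certificate name CA_Cert_1 are placeholders for illustration; the commands themselves are the standard config user ldap, config user group and config system admin syntax. Unlike the GUI walk-through it uses LDAPS on port 636 with the issuing CA selected, so neither the bind password nor administrator passwords travel in cleartext, and it gives the administrator a restricted profile scoped to one VDOM.

```text
# Step 4: the LDAP server is a per-VDOM object, so it is created inside root.
config vdom
    edit root
        config user ldap
            edit "ldap-test"
                set server "dc01.test.local"
                set port 636
                set secure ldaps
                set ca-cert "CA_Cert_1"
                set cnid "sAMAccountName"
                set dn "DC=test,DC=local"
                set type regular
                set username "CN=svc-fortigate,OU=Service Accounts,DC=test,DC=local"
                set password "<bind-password>"
            next
        end
        # Step 5: a firewall group whose membership is decided by one directory group.
        # The server must be listed as a member for the match entry to apply.
        config user group
            edit "ldap-admins"
                set member "ldap-test"
                config match
                    edit 1
                        set server-name "ldap-test"
                        set group-name "CN=FortiGate Admins,OU=Groups,DC=test,DC=local"
                    next
                end
            next
        end
    next
end

# Step 6: the administrator is global; remote-group is the setting the GUI fails to offer.
# prof_admin plus "set vdom" limits the account to the root VDOM; use super_admin
# only when directory-managed admins genuinely need global rights.
config global
    config system admin
        edit "ldap-admin"
            set remote-auth enable
            set remote-group "ldap-admins"
            set wildcard enable
            set accprofile "prof_admin"
            set vdom "root"
        next
    end
end
```

The lines starting with # are explanatory and should be dropped when pasting into the CLI. Before relying on the administrator, verify the server object and the bind account from inside the VDOM with diagnose test authserver ldap ldap-test <username> <password>; a successful result also lists the groups the directory returns for that user, which is the quickest way to confirm that the group DN in the match entry is spelled exactly as the directory reports it.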
