Fortigate Virtual Domains (VDOMs) are a virtualisation feature that creates virtual instances of the firewall. Each VDOM can provide completely separate firewalling, routing, unified threat management (UTM), virtual private networking (VPN), and next generation firewall services. All traffic that enters and leaves a VDOM is completely separated from the traffic of other VDOMs.
This blog shows you how to integrate a Fortigate VDOM with LDAP.
1. Enable Virtual Domain (VDOM) on Fortigate.
2. In Global configuration mode, go to VDOM > VDOM and create an additional VDOM called test. Note that Fortigate automatically creates the root VDOM.
3. Assign ports to the VDOMs.
4. Go to root VDOM > User and Device > Authentication > LDAP servers > Create new LDAP server.
   - Name: Any descriptive name
   - Server Name/IP: Hostname/IP address of LDAP server
   - Server Port: 389
   - Common name identifier: sAMAccountName+
   - Distinguished Name: DC=test,DC=local
   - Bind type: Regular
   - User DN: email@example.com
   - Password: password
5. Go to root VDOM > User and Device > User Groups > LDAP servers > Create new user group.
   - Name: Any descriptive name
   - Type: Firewall
   - Members: Leave it blank
   - Remote groups: Select the LDAP server created in step 4
   - Group name: Map to LDAP group
6. Go to Global firewall configuration > Admin > Administrators > Create new administrator.
   - Administrator: Any descriptive name
   - Type: Remote
   - Wildcard: Yes
   - User group: Select the user group created in step 5.

There is a bug in this step: Fortigate doesn't show the available user groups. The workaround is to configure it via the CLI.

    config global
        config system admin
            edit username
                set remote-group usergroup
            next
        end
    end
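
Steps 4 to 6 can also be entered entirely from the CLI, which avoids the user-group display bug. The following is an added example, not taken from the original post: the object names, the 192.0.2.10 address, the group DN and the angle-bracket values are constructed placeholders, and the exact option set can differ between FortiOS versions.

```fortios
# Added example: CLI form of steps 4-6. Names, address and group DN are placeholders.
config vdom
    edit root
        # Step 4: LDAP server entry with the same values as the GUI form
        config user ldap
            edit "ldap-test"
                set server "192.0.2.10"
                set port 389
                set cnid "sAMAccountName"
                set dn "DC=test,DC=local"
                set type regular
                set username "email@example.com"
                set password <bind-password>
            next
        end
        # Step 5: firewall user group mapped to one LDAP group
        config user group
            edit "ldap-fw-admins"
                set group-type firewall
                set member "ldap-test"
                config match
                    edit 1
                        set server-name "ldap-test"
                        set group-name "CN=FW-Admins,OU=Groups,DC=test,DC=local"
                    next
                end
            next
        end
    end
config global
    # Step 6: wildcard administrator; every member of the matched LDAP group
    # logs in with this access profile, so choose the narrowest one that fits.
    config system admin
        edit "ldap-wildcard"
            set remote-auth enable
            set wildcard enable
            set remote-group "ldap-fw-admins"
            set accprofile <access-profile>
        next
    end
end
```

With port 389 and a regular bind, the bind password and the administrators' credentials cross the network unencrypted. Where the directory supports it, `set secure ldaps` with `set port 636` and a `set ca-cert` entry on the LDAP server object protects them.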