FortiVoice Enterprise Profiles: LDAP Profiles

FortiVoice phone profiles let you create user privileges and SIP profiles for configuring extensions and SIP trunks. It also allows you to modify caller IDs, schedule the FortiVoice unit, and configure phone and LDAP profiles.

This recipe guides you through the process of configuring a LDAP profile.

Configuring an LDAP Profile

The LDAP submenu lets you configure LDAP profiles which can query LDAP servers for authentication.

IMPORTANT: Before using an LDAP profile, verify each LDAP query and connectivity with your LDAP server. When LDAP queries do not match with the server’s schema and/or contents, unintended phone call processing behaviors can result. 

To configure an LDAP profile

  1. Go to Phone System > Profiles > LDAP.
  2. Select New or double-click an existing profile to modify it.
  3. Enter the profile name, and server name. The fallback server name is optional.
  4. Select whether or not to connection to the LDAP servers using an encrypted connection from the Use secure connection dropdown menu. 
  5. Enter a distinguished name of the part of the LDAP directory tree within which the FortiVoice unit will search for user objects
  6. Enter the bind DN. This field is optional if your LDAP server does not require the FortiVoice unit to authenticate when performing queries.
  7. Enter the password of the Bind DN.

FVE LDAP

Configuring User Authentication Options for the LDAP Profile

With the basic settings of the LDAP profile configured, you can now customize the user authentication options. Select the arrow button to expand the User Authentication Options section.

  1. Select Try common name with base DN as bind DN and enter a common name ID. If this is your selection, you are finished with the user authentication options.
  2. Select Search user and try bind DN.
  3. Select your desired schema style. If your LDAP server uses any other schema style, select User Defined, then manually configure the query string.
  4. Enter an LDAP query filter that selects a set of user objects from the LDAP directory. The query string filters the result set, and should be based upon any attributes that are common to all user objects but also exclude non-user objects.
  5. Select which level of depth to query from the scope dropdown menu.
  6. Select the Derefer method to use, if any, when dereferencing attributes whose values are references.
 FVE authentication

Configuring Advanced Options

With the authentication settings completed, we can now configure some advanced options. Select the arrow button to expand the Advanced Options section.

  1. Enter the maximum amount of time in seconds that the FortiVoice unit will wait for query responses form the LDAP server.
  2. Select the Protocol version from the dropdown menu.
  3. Enable cache.
  4. Enter the amount of time in minutes that the FortiVoice unit will cache query results. After the TTL has elapsed, cached results expire and any subsequent requests for the information causes the FotiVoice unit to query the LDAP server, refreshing the cache.
  5. Enable user password change
  6. Select your LDAP server’s user schema style from the dropdown menu.
  7. Select Apply.

Once you have finished creating an LDAP profile, you should test each enabled query in the LDAP profile to verify that the FortiVoice unit connects to the LDAP server, the the LDAP directory contains the required attributes and values, and the query configuration is correct.

Once you are finished testing, configure User Privileges. For more information on configuring user privileges, see the corresponding chapter in the FortiVoice Enterprise Administrator Guide.

 FVE advanced options

Share this recipe:

Facebooktwittergoogle_pluslinkedin

Leave a comment:

Before commenting, please read the site's comment policy. Only questions related to documentation will be answered. For other concerns, please contact Fortinet support.