Hi,
I'm working on binding a Fortinet FW to FreeIPA LDAP for VPN authentication. I did
quite some Google searches and found only a few leads. I want to make sure I will do this
correctly.
1. Set up a "system account" per this FreeIPA Howto
https://www.freeipa.org/page/HowTo/LDAP
2. In the HowTO, "note: IPA 4.0 is going to change the default stance ... to nothing
is readable".
I defined the system account per the HowTO with v4.6.4. I assume nothing is readable
now.
A) How do I verify that the system account can't read the users or groups?
B) How do I grant permission for the "system account" to read user and groups
which I need for FW auth?
3. I ran a test on the Fortigate admin GUI
I set Common Name Identifier to "uid", DN to
"cn=account,dc=example,dc=com". I was able to test connectivity bind type
Simple or Anonymous. I can't see a need for anonymous bind, at least for now. Is the
correct way to disable anonymous bind modifying nsslapd-allow-anonymous-access?
Thanks
W
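A way to check A) from the post, plus the cn=config change asked about in 3), as an added example (not code from the post or from the FreeIPA HowTo): the host, base DN, password file and the system account's location under cn=sysaccounts,cn=etc are assumed and must be adjusted. It counts the entries the system account actually gets back from the users and groups containers and probes whether an anonymous search still succeeds.

```shell
#!/bin/sh
# Added example, not from the post: verify what a FreeIPA system account can read,
# and build the LDIF that changes the 389-ds anonymous-access setting.
# Assumed values, adjust to your deployment:
HOST="ldaps://ipa.example.com"
BASE="dc=example,dc=com"
SYSACCT="cn=account,cn=sysaccounts,cn=etc,${BASE}"   # system account per the HowTo
PASSFILE="/root/sysacct.pw"                          # bind password, file mode 0600

# Count entries in LDIF read from stdin (one "dn:" line per returned entry).
count_entries() {
    grep -c '^dn:' || true
}

# Bind as the system account and list one container's direct children.
# Prints the entry count; 0 (or an "Insufficient access" error) means unreadable.
read_check() {   # $1 = container (cn=users | cn=groups), $2 = LDAP filter
    ldapsearch -x -H "$HOST" -D "$SYSACCT" -y "$PASSFILE" \
        -b "$1,cn=accounts,${BASE}" -s one "$2" dn 2>&1 | count_entries
}

# Anonymous search of the users container: exit 0 means anonymous read still works.
anon_check() {
    ldapsearch -x -H "$HOST" -b "cn=users,cn=accounts,${BASE}" -s one '(uid=*)' dn \
        >/dev/null 2>&1
}

# LDIF for cn=config; $1 is "off" (no anonymous access at all) or "rootdse"
# (only the root DSE stays anonymously readable, the less disruptive option).
anon_ldif() {
    printf 'dn: cn=config\nchangetype: modify\nreplace: nsslapd-allow-anonymous-access\nnsslapd-allow-anonymous-access: %s\n' "$1"
}

# Exit 0 only when both users and groups are readable, which the FW LDAP auth needs.
main() {
    u=$(read_check cn=users '(uid=*)')
    g=$(read_check cn=groups '(cn=*)')
    echo "users readable by system account: $u, groups readable: $g"
    if anon_check; then echo "anonymous read: allowed"; else echo "anonymous read: refused"; fi
    # To apply the change: anon_ldif rootdse | ldapmodify -x -H "$HOST" -D "cn=Directory Manager" -W
    [ "$u" -gt 0 ] && [ "$g" -gt 0 ]
}

case "${1:-}" in run) main ;; esac   # invoke as: sh check-sysacct.sh run
```

Run `anon_check` again after the ldapmodify to confirm the anonymous search is now refused while `read_check` still returns the entries for the system account.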