Fortimail and LDAP groups

Here’s an example of creating an LDAP profile so the Fortimail can apply different recipient policies to each group.

First we edit an LDAP profile which has already been verified to bind correctly with the LDAP server. We want to make sure  “Group Query Options” is selected and the group membership attribute is set (typically “memberOf” for Active Directory).

The next step is to make sure your group query is working ok. Use the “Test LDAP Query” tool to verify that you can bind to the LDAP server and the username is found.


Next we’ll create a recipient based policy for a group you want to match and can apply the appropriate AS, AV and content profile to that group. You may also want to give authentication access to that group.


In the example below we have the “RestrictedAccess” group which has no AS or AV profile associated and can authenticate to gain quarantine/webmail access. Anyone not in the group falls through and will have the default AS profile applied.

Leave a Reply