System Settings FortiManager 5.2

Configure the following information:
Name: Type a name to identify the LDAP server.
Server Name/IP: Type the IP address or fully qualified domain name of the LDAP server.
Port: Type the port for LDAP traffic. The default port is 389.
Common Name Identifier: The common name identifier for the LDAP server. Most LDAP servers use cn. However, some servers use other common name identifiers such as UID.
Distinguished Name: The distinguished name used to look up entries on the LDAP server. The distinguished name reflects the hierarchy of LDAP database object classes above the common name identifier. Selecting the query distinguished name icon queries the LDAP server for the name and opens the LDAP Distinguished Name Query window to display the results.
Bind Type: Select the type of binding for LDAP authentication. Select Simple, Anonymous or Regular from the drop-down menu.
User DN: When the Bind Type is set to Regular, type the user DN.
Password: When the Bind Type is set to Regular, type the password.
Secure Connection: Select to use a secure LDAP server connection for authentication.
Protocol: When Secure Connection is enabled, select either LDAPS or STARTTLS.
Certificate: When Secure Connection is enabled, select the certificate from the drop-down list.
Administrative Domain: Choose the ADOMs this server will be linked to, or select All ADOMs. Select Specify and then select the add icon to add Administrative Domains; select the remove icon to remove an administrative domain from this list. This field is available only if ADOMs are enabled.
3. Select OK to save the new LDAP server entry.
RADIUS
Remote Authentication Dial-In User Service (RADIUS) is a user authentication and network-usage accounting system. When users connect to a server they type a user name and password. This information is passed to a RADIUS server, which authenticates the user and authorizes access to the network.
You can create or edit RADIUS server entries in the server list to support authentication of administrators. When an administrator account’s type is set to RADIUS, the FortiManager unit uses the RADIUS server to verify the administrator password at logon. The password is not stored on the FortiManager unit.
For information on configuring a RADIUS server for remote administrator authentication, see RADIUS authentication for administrators.
To add a RADIUS server:
1. Go to System Settings > Admin > Remote Auth Server.
2. Select the Create New toolbar icon, then select RADIUS from the drop-down list. The New RADIUS Server window opens.
New RADIUS Server window

Configure the following settings:
Name: Type a name to identify the RADIUS server.
Server Name/IP: Type the IP address or fully qualified domain name of the RADIUS server.
Server Secret: Type the RADIUS server secret.
Secondary Server Name/IP: Type the IP address or fully qualified domain name of the secondary RADIUS server.
Secondary Server Secret: Type the secondary RADIUS server secret.
Port: Type the port for RADIUS traffic. The default port is 1812. You can change it if necessary. Some RADIUS servers use port 1645.
Auth-Type: Select the authentication type the RADIUS server requires. The default setting of ANY has the FortiManager unit try all the authentication types. Select one of: ANY, PAP, CHAP, or MSv2.
3. Select OK to save the new RADIUS server configuration.
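The Server Secret entered above is what protects the administrator password in transit when the Auth-Type is PAP: RFC 2865 does not encrypt the password, it XORs it with an MD5 keystream derived from the shared secret and the per-request Request Authenticator, and the same secret authenticates the server's reply. The following is an added, stand-alone illustration of that mechanism (not FortiManager's own code; the secret, password and authenticator values are constructed test data). It shows why a weak or shared-across-devices secret, or a RADIUS path over an untrusted network, exposes the admin password.

```python
import hashlib
import struct

# RFC 2865 section 5.2: the PAP password is hidden, not encrypted.
# b_1 = MD5(Secret + RequestAuth), b_i = MD5(Secret + c_(i-1)); c_i = p_i XOR b_i.
# Anyone who knows the secret (or can guess it offline) recovers the password.

def hide_password(password: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """Return the User-Password attribute value for an Access-Request."""
    if len(request_auth) != 16:
        raise ValueError("Request Authenticator must be 16 bytes")
    if not 1 <= len(password) <= 128:
        raise ValueError("PAP password must be 1..128 bytes")
    padded = password + b"\x00" * (-len(password) % 16)  # NUL-pad to 16n
    out = bytearray()
    prev = request_auth
    for i in range(0, len(padded), 16):
        key = hashlib.md5(secret + prev).digest()
        block = bytes(a ^ b for a, b in zip(padded[i:i + 16], key))
        out += block
        prev = block  # keystream chains on the previous ciphertext block
    return bytes(out)

def reveal_password(hidden: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """Invert hide_password. Trailing NUL padding is stripped, so a password
    that itself ends in NUL bytes cannot be distinguished from padding."""
    if not hidden or len(hidden) % 16:
        raise ValueError("User-Password value must be a non-empty multiple of 16 bytes")
    out = bytearray()
    prev = request_auth
    for i in range(0, len(hidden), 16):
        key = hashlib.md5(secret + prev).digest()
        block = hidden[i:i + 16]
        out += bytes(a ^ b for a, b in zip(block, key))
        prev = block
    return bytes(out).rstrip(b"\x00")

def response_authenticator(code: int, ident: int, attrs: bytes,
                           request_auth: bytes, secret: bytes) -> bytes:
    """RFC 2865 section 3: MD5(Code + ID + Length + RequestAuth + Attributes + Secret).
    The client recomputes this, so an Access-Accept forged without the secret is rejected."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return hashlib.md5(header + request_auth + attrs + secret).digest()

if __name__ == "__main__":
    ra = bytes(range(16))  # constructed; a real client uses 16 random bytes per request
    secret = b"constructed-shared-secret"
    hidden = hide_password(b"S3cret-Admin-Pw", secret, ra)
    print("hidden User-Password:", hidden.hex())
    print("recovered with secret:", reveal_password(hidden, secret, ra))
```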
TACACS+
TACACS+ allows a client to accept a user name and password and send a query to a TACACS+ authentication server. The server host determines whether to accept or deny the request and sends a response back that allows or denies network access to the user. The default TCP port for a TACACS+ server is 49.
For information on configuring a TACACS+ server for remote administrator authentication, see TACACS+ authentication for administrators.