LDAP to RADIUS mapping for Fortinet Validation server

Article ID: 172558

Products

VIP Service

Issue/Introduction

The vendor type for Fortinet VPN is needed for LDAP to RADIUS mapping inside the RADIUS validation server.

Environment

The group is not presented to Fortinet in the correct format when the user attempts to log in.

Cause

The group name has to be encoded inside RADIUS attribute 26, which corresponds to "Vendor-Specific" in the VIP configuration.

Within the encoded response, you define what type of data you are returning. In Fortinet's case, Fortinet-Group-Name corresponds to a Vendor Type of 1. The full list is here: http://kb.fortinet.com/kb/documentLink.do?externalID=13837

Fortinet's vendor ID is 12356.

Resolution

Note: below is an example of a secondary query that returns the short name of the group:

  • Search Attribute: DistinguishedName
  • Secondary Base DN: cn=users,dc=domain,dc=com (the customer's domain base DN)
  • Secondary Filter: (&(objectClass=group)(member=%s))
  • LDAP Mapping attribute: cn (or other desired attribute)
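As an added example that is not part of this article or of the VIP product, the following Python builds the Vendor-Specific attribute described above (attribute 26, vendor ID 12356, Vendor Type 1) from the group short name returned by the secondary query, and parses one back so a captured Access-Accept can be checked for the right vendor ID, type and length fields. The group name "VPN-Users" is a constructed sample.

```python
import struct

# Values from the article: RADIUS attribute 26 ("Vendor-Specific"), Fortinet's
# vendor ID 12356, and Vendor-Type 1 for Fortinet-Group-Name.
VENDOR_SPECIFIC = 26
FORTINET_VENDOR_ID = 12356
FORTINET_GROUP_NAME = 1

# RFC 2865 s5.26 layout: Type | Length | Vendor-Id (4) | Vendor-Type | Vendor-Length | String
# The outer Length is one byte (max 255) and covers the 6-byte header, and the
# vendor sub-header takes 2 more, so the group name may be at most 247 bytes.
MAX_GROUP_NAME_BYTES = 247


def encode_fortinet_group_vsa(group_name: str) -> bytes:
    """Encode the group short name as a Fortinet-Group-Name Vendor-Specific attribute."""
    value = group_name.encode("utf-8")
    if not value or len(value) > MAX_GROUP_NAME_BYTES:
        raise ValueError("group name must be 1..%d bytes" % MAX_GROUP_NAME_BYTES)
    # Vendor-Length counts Vendor-Type, Vendor-Length and the string itself.
    vendor_data = struct.pack("!BB", FORTINET_GROUP_NAME, 2 + len(value)) + value
    header = struct.pack("!BBI", VENDOR_SPECIFIC, 6 + len(vendor_data), FORTINET_VENDOR_ID)
    return header + vendor_data


def decode_fortinet_group_vsa(attr: bytes) -> str:
    """Parse one Vendor-Specific attribute and return the Fortinet-Group-Name it carries.

    Raises ValueError when the bytes are not a well-formed Fortinet-Group-Name VSA,
    which is what a capture of the server's Access-Accept should be checked against.
    """
    if len(attr) < 8:
        raise ValueError("attribute too short for a VSA")
    attr_type, length, vendor_id = struct.unpack("!BBI", attr[:6])
    if attr_type != VENDOR_SPECIFIC:
        raise ValueError("attribute type %d is not Vendor-Specific (26)" % attr_type)
    if length != len(attr):
        raise ValueError("Length %d does not match %d bytes present" % (length, len(attr)))
    if vendor_id != FORTINET_VENDOR_ID:
        raise ValueError("vendor ID %d is not Fortinet (12356)" % vendor_id)
    vendor_type, vendor_len = attr[6], attr[7]
    if vendor_type != FORTINET_GROUP_NAME:
        raise ValueError("vendor type %d is not Fortinet-Group-Name (1)" % vendor_type)
    if vendor_len != len(attr) - 6:
        raise ValueError("Vendor-Length %d does not match attribute size" % vendor_len)
    return attr[8:].decode("utf-8")


if __name__ == "__main__":
    # Constructed sample: the cn the secondary LDAP query would return.
    vsa = encode_fortinet_group_vsa("VPN-Users")
    print(vsa.hex())
    print(decode_fortinet_group_vsa(vsa))  # -> VPN-Users
```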