Technical Tip: How to validate and solve error 'ldap_search_ext_s search failed: Timed out' for LDAP remote sync rule
Description
This article describes how to solve 'ldap_search_ext_s search failed: Timed out'.
In this case, the rule is created to add remote LDAP users to FortiAuthenticator. The observed symptom is that the users do not appear under Authentication -> User Management -> Remote Users.
Some slowness may also be observed when listing the LDAP users through the LDAP server on FortiAuthenticator.
Scope
FortiAuthenticator.
Solution
Step 1: Verify if the user is visible in the LDAP tree. The user created on LDAP is 'User1013'.

- If this fails, check the Base DN name, username, and password configured on the LDAP server.
- The minimum permissions are given in detail in: Configuring least privileges for LDAP admin account.
- If the user is visible, proceed with Step 2.
Step 2: On the sync rule created, check the filter applied. Navigate to User Management -> Remote User Sync Rules. Ensure that the filter correctly specifies the OU and the group the user is part of. Verify this by using the test filter option; it should return the OU and group that the user is part of.

If this fails, check the filters as per the KB article 'Technical Tip: LDAP filter syntax for groups and remote user sync rules'. If it succeeds, proceed with Step 3.
Note:
The filter '(&(objectClass=user)(memberOf:1.2.840.113556.1.4.1941:=cn=group1,ou=FED_BU,dc=test,dc=training,dc=lab))' lists all users, including those in subgroups, i.e., nested groups.
Step 3: Perform a manual sync. Search for the user under Authentication -> User Management -> Remote Users. If the user is still not present, navigate to Logging -> Log Access -> Logs to confirm whether the sync has failed.

Error messages:
Message Performing remote LDAP user sync (rule: Test LDAP Sync rule) with AHAM_AD (10.10.20.1).
Message Unable to query remote LDAP server AHAM_AD (10.10.20.1) for users to sync (rule Test LDAP Sync rule): ldap_search_ext_s search failed: Timed out
Message Failed to sync (rule: Test LDAP Sync rule) with AHAM_AD: Unable to query remote LDAP server AHAM_AD (10.10.20.1) for users to sync (rule Test LDAP Sync rule :ldap_search_ext_s search failed: Timed out
Step 4: Increase the timeout value for LDAP authentication. Navigate to Authentication -> Remote Auth. Servers -> General, change LDAP Server Response Timeout from '5' to 20 or 25, and test again.
This should solve the error 'ldap_search_ext_s search failed: Timed out'.
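A way to pre-check the Step 2 filter before saving it in the sync rule, as an added example that is not part of the original article and is not Fortinet code: a small Python parser that reports unbalanced parentheses, use of the nested-group matching rule (OID 1.2.840.113556.1.4.1941), and whitespace next to a comma in a DN value. The function names and the whitespace heuristic are assumptions made for this example, and the parser covers only the and/or/not and attribute=value structure used in this article.

```python
import re

# Added example with hypothetical helper names; OID is the one in the Step 2 note.
IN_CHAIN = "1.2.840.113556.1.4.1941"

def parse_filter(text, pos=0):
    """Parse one parenthesised filter at text[pos]; return (node, next_pos)."""
    if pos >= len(text) or text[pos] != "(":
        raise ValueError(f"expected '(' at offset {pos}")
    pos += 1
    if pos < len(text) and text[pos] in "&|!":
        op, pos, children = text[pos], pos + 1, []
        while pos < len(text) and text[pos] == "(":
            child, pos = parse_filter(text, pos)
            children.append(child)
        if not children:
            raise ValueError(f"'{op}' has no sub-filter at offset {pos}")
        node = (op, children)
    else:
        # A simple item runs up to the next parenthesis.
        end = pos + len(re.match(r"[^()]*", text[pos:]).group())
        attr, sep, value = text[pos:end].partition("=")
        if not sep or not attr:
            raise ValueError(f"no 'attribute=value' at offset {pos}")
        node, pos = ("item", attr, value), end
    if pos >= len(text) or text[pos] != ")":
        raise ValueError(f"missing ')' at offset {pos}")
    return node, pos + 1

def check_sync_filter(text):
    """Return findings for a sync rule filter; an empty list means nothing flagged."""
    text = text.strip()
    try:
        node, end = parse_filter(text)
    except ValueError as exc:
        return [f"syntax: {exc}"]
    if end != len(text):
        return [f"syntax: unexpected text at offset {end}"]
    findings, stack = [], [node]
    while stack:
        n = stack.pop()
        if n[0] != "item":
            stack.extend(n[1])
            continue
        _, attr, value = n
        if attr.endswith(f":{IN_CHAIN}:"):
            findings.append(f"nested-group (IN_CHAIN) match on {attr.split(':')[0]}")
        if re.search(r"\s,|,\s", value):  # heuristic chosen for this example
            findings.append(f"whitespace next to ',' in value '{value}'")
    return findings
```

check_sync_filter() takes the filter string as typed into the sync rule. The nested-group finding is informational: it marks the filter form that the Note in Step 2 describes.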
