shikhakolekar
December 18, 2024

Technical Tip: Troubleshooting remote sync rules and common errors


Description 

 

This article explains how to validate and troubleshoot a remote sync rule on FortiAuthenticator and lists the common errors seen in the logs together with their causes.

 

Common errors include:

  • Failed to sync remote LDAP users : Cannot add any more users because limit of 700 has been reached
  • Cannot add user from LDAP server : Unable to import valid token for user1414
  • Cannot add user from LDAP server : Failed to import user "user1414" (rule: Test LDAP sync rule), Email is required if TFA method is FTM

 

Scope

 

FortiAuthenticator.

 

Solution

 

The Remote sync rule is created for the use case as highlighted in the screenshot.

 

Syncrule.png

 

The user can be synced as a Remote LDAP user, a Remote RADIUS user, or a local user; in this use case, the user is synced as a Remote LDAP user.

The sync period and the associated user groups are configured on the rule. When a sync run succeeds, the following results appear.

 

Navigate to Logging -> Log Access -> Logs to verify the events.

 

Synced rule success.png

 

The user is added under Authentication -> Remote Users -> LDAP. The log indicates that user1414 in this use case has been successfully synced and added to the associated user group.

 

Userrule success.png

 

LDAPserver user.png

Usersaccodiatedadded.png

 

To learn more about the LDAP filter syntax used for group filters, refer to LDAP filter syntax for groups and remote user sync rules.

 

date=2024-12-17 time=08:19:27+0000 oid=23478798 logid=30303 cat="Event" subcat="System" level="information" nas="" action="" status="" msg="Successfully synced (rule: Test ldap sync rule) with LDAP_WITH_RADIUS on Thu Sep 5 10:19:27 2024." user="" <---- Indicates that the rule synced successfully.

 

The common errors seen are:

 

"Failed to sync remote LDAP users (rule: Test ldap sync rule) with XXXX : Cannot add any more users because limit of 700 has been reached" user="" --> The user licenses on the appliance need to be verified and corrected; the sync stops adding users once the licensed user limit is reached.

 

"Failed to sync remote LDAP user XXXX (rule: Test ldap sync rule) @ AD_SIIV (10.40.132.102), deleting." user="user1414" <----- The user is deleted by the sync rule.
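To triage these messages in bulk, for example from an exported log file rather than one line at a time in Log Access, the following added Python example (not from this article or from Fortinet) parses the key=value event format shown above and sorts each sync-rule message into the categories the article describes. The sample lines are constructed from the message strings quoted in this article, with a placeholder directory server name and a documentation IP address; the assumption that double quotes embedded in msg are backslash-escaped is mine.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample log lines modelled on the entries quoted in this article.
# Server name AD_EXAMPLE and address 192.0.2.10 are placeholders.
SAMPLE_LOGS = [
    'date=2024-12-17 time=08:19:27+0000 oid=23478798 logid=30303 cat="Event" subcat="System" '
    'level="information" nas="" action="" status="" '
    'msg="Successfully synced (rule: Test ldap sync rule) with LDAP_WITH_RADIUS on Thu Sep 5 10:19:27 2024." user=""',
    'date=2024-12-17 time=08:20:01+0000 oid=23478801 logid=30303 cat="Event" subcat="System" '
    'level="error" nas="" action="" status="" '
    'msg="Failed to sync remote LDAP users (rule: Test ldap sync rule) with AD_EXAMPLE : '
    'Cannot add any more users because limit of 700 has been reached" user=""',
    'date=2024-12-17 time=08:20:02+0000 oid=23478802 logid=30303 cat="Event" subcat="System" '
    'level="error" nas="" action="" status="" '
    'msg="Cannot add user from LDAP server : Failed to import user \\"user1414\\" '
    '(rule: Test ldap sync rule), Email is required if TFA method is FTM" user="user1414"',
    'date=2024-12-17 time=08:20:03+0000 oid=23478803 logid=30303 cat="Event" subcat="System" '
    'level="error" nas="" action="" status="" '
    'msg="Cannot add user from LDAP server : Unable to import valid token for user1414" user="user1414"',
    'date=2024-12-17 time=08:20:04+0000 oid=23478804 logid=30303 cat="Event" subcat="System" '
    'level="warning" nas="" action="" status="" '
    'msg="Failed to sync remote LDAP user user1414 (rule: Test ldap sync rule) @ AD_EXAMPLE (192.0.2.10), deleting." user="user1414"',
]

# key=value pairs: value is either a double-quoted string (backslash escapes
# assumed) or a bare token such as a date or oid.
_KV_RE = re.compile(r'(\w+)=(?:"((?:[^"\\]|\\.)*)"|(\S*))')
_RULE_RE = re.compile(r'\(rule: ([^)]+)\)')


def parse_log_line(line: str) -> dict:
    """Parse one FortiAuthenticator event line into a dict of its fields."""
    fields = {}
    for m in _KV_RE.finditer(line):
        key, quoted, bare = m.group(1), m.group(2), m.group(3)
        if quoted is not None:
            fields[key] = quoted.replace('\\"', '"')   # unescape embedded quotes
        else:
            fields[key] = bare
    return fields


@dataclass
class SyncEvent:
    rule: Optional[str]   # sync rule named in the message, if any
    user: str             # user field of the log entry ('' for rule-level events)
    category: str         # one of the categories below, or 'other'
    advice: str           # remediation hint matching this article's guidance


# Ordered (pattern, category, advice) table; the first matching pattern wins.
_CLASSIFIERS = [
    (re.compile(r'^Successfully synced'), 'sync_success',
     'No action needed.'),
    (re.compile(r'limit of \d+ has been reached'), 'license_limit',
     'Verify and correct the user licenses on the appliance.'),
    (re.compile(r'Email is required if TFA method is FTM'), 'missing_email',
     'Populate the email attribute for the user (or change the TFA method) before the next sync.'),
    (re.compile(r'Unable to import valid token'), 'token_import',
     'Check the token assigned to the user; it could not be imported.'),
    (re.compile(r'Failed to sync remote LDAP user .*deleting'), 'user_deleted',
     'User no longer matches the group filter or was removed from AD; expected sync-rule behaviour.'),
]


def classify(fields: dict) -> SyncEvent:
    """Map a parsed event to a category and remediation hint."""
    msg = fields.get('msg', '')
    rule_m = _RULE_RE.search(msg)
    rule = rule_m.group(1) if rule_m else None
    user = fields.get('user', '')
    for pattern, category, advice in _CLASSIFIERS:
        if pattern.search(msg):
            return SyncEvent(rule, user, category, advice)
    return SyncEvent(rule, user, 'other', 'Unrecognised sync-rule message; review manually.')


def summarise(lines) -> dict:
    """Count events per category over an iterable of raw log lines."""
    counts = {}
    for line in lines:
        ev = classify(parse_log_line(line))
        counts[ev.category] = counts.get(ev.category, 0) + 1
    return counts


if __name__ == '__main__':
    for line in SAMPLE_LOGS:
        ev = classify(parse_log_line(line))
        print(f'{ev.category:14} rule={ev.rule!r:24} user={ev.user!r:12} {ev.advice}')
    print(summarise(SAMPLE_LOGS))
```

Feed it real exported lines by reading them from a file in place of SAMPLE_LOGS; the classifier table is intentionally a plain list so further message patterns can be appended without touching the parser.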

 

More details on these errors and their solutions are in Troubleshooting sync rule related errors.

Note that users imported by the sync rule are only deleted when they no longer match the group filter or are removed from Active Directory. Manually imported users are not deleted by the sync rule and must be deleted manually. This is by design.