Troubleshooting Tip: Importing users from LDAP server by group membership shows stale user accounts info

Description

This article describes the steps to troubleshoot stale user account information during user import from LDAP to FortiAuthenticator. The user is experiencing slow performance when importing users from LDAP, and the changes made in the LDAP server are not reflected in FortiAuthenticator on time.

Scope

FortiAuthenticator v6.6.6.

Solution

In the LDAP server, the user likith is a member of the user group lab.

When importing users to FortiAuthenticator using the Import users by group memberships action, user likith is listed in user group.

The user likith is removed from group lab in the LDAP server; however, when importing users to FortiAuthenticator using the Import users by group memberships action, user likith is still listed in user group lab in FortiAuthenticator.

After a delay, when importing users to FortiAuthenticator using the Import users by group memberships action, user likith will no longer be listed in user group lab.

This is a known issue in FortiAuthenticator firmware version 6.6.6, where importing users from the LDAP server by group membership displays stale user account information. This issue has not been observed in firmware versions 6.6.10 and 8.0.4.