JCPL
Staff & Editor
December 11, 2025

Troubleshooting Tip: Updating LDAP server configuration resets the Username and Password fields

Description

This article describes the reasons behind the error that is triggered after updating the LDAP server configuration, including Server IP/Name, the Common Name Identifier, the Distinguished Name, or the Secondary/Tertiary Server.

Scope

FortiOS version 7.4.9 and later.

Solution

Updating the Server IP/Name, Common Name Identifier, or Distinguished Name parameters in the GUI triggers the error 'This field is required'.

 


When the same update is made through the CLI, the system returns the message 'Username and password unset', as illustrated below. Adding or deleting the secondary server or the tertiary server in the CLI also triggers the same message.

 

FortiGate3 (ADLDAP) # show
config user ldap
    edit "ADLDAP"
        set server "172.31.80.9"
        set server-identity-check disable
        set cnid "sAMAccountName"
        set dn "DC=Fortinet,DC=DomainController1"
        set type regular
        set username "carlos"
        set secure ldaps
        set ca-cert "CA_Cert_1"
        set port 636
        set password-expiry-warning enable
        set password-renewal enable
    next
end

FortiGate3 (ADLDAP) # set server 172.31.80.8
Username and password unset.

FortiGate3 (ADLDAP) # show
config user ldap
    edit "ADLDAP"
        set server "172.31.80.8"
        set server-identity-check disable
        set cnid "sAMAccountName"
        set dn "DC=Fortinet,DC=DomainController1"
        set type regular
        set secure ldaps
        set ca-cert "CA_Cert_1"
        set port 636
        set password-expiry-warning enable
        set password-renewal enable
    next
end

FortiGate3 (ADLDAP) # end
Attribute 'username' MUST be set.
Command fail. Return code -56

This error occurs because the Username and Password credentials must be entered again each time such a change is made.

For security reasons, changing a key binding parameter (server IP address, CNID, or DN) or updating the secondary/tertiary server automatically clears the stored username and password. These sensitive fields are not displayed in the GUI or in show command output, so the system forces re-entry to prevent accidental use of stale or mismatched credentials with the new settings.
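
A pre-change check based on the behaviour described above, as an added example that is not part of the original article or of Fortinet's tooling: it scans a planned CLI change script and flags any LDAP entry where a binding parameter is changed without the username and password being re-entered before next or end. The function name, the sample scripts and the placeholder password are constructed, and every entry is assumed to use type regular.

```python
import shlex

# Settings whose change clears the stored bind credentials, per the article.
BINDING_KEYS = {"server", "cnid", "dn", "secondary-server", "tertiary-server"}
CREDENTIAL_KEYS = {"username", "password"}

def lint_ldap_change(script):
    """Return one warning per 'config user ldap' entry that would be committed
    with cleared credentials. Assumption: entries use 'type regular'."""
    warnings, in_ldap, entry, pending = [], False, None, set()
    for raw in script.splitlines():
        tokens = shlex.split(raw)
        if not tokens:
            continue
        verb = tokens[0]
        if tokens[:3] == ["config", "user", "ldap"]:
            in_ldap = True
        elif not in_ldap:
            continue
        elif verb == "edit" and len(tokens) > 1:
            entry, pending = tokens[1], set()
        elif verb in ("set", "unset") and entry and len(tokens) > 1:
            key = tokens[1]
            if key in BINDING_KEYS:
                pending = set(CREDENTIAL_KEYS)  # both fields are cleared
            elif key in CREDENTIAL_KEYS:
                if verb == "set":
                    pending.discard(key)        # re-entered after the change
                else:
                    pending.add(key)
        elif verb in ("next", "end"):
            if entry and pending:
                missing = ", ".join(sorted(pending))
                warnings.append(f"{entry}: re-enter {missing} before '{verb}'")
            entry, pending = None, set()
            in_ldap = verb != "end"
    return warnings

# Constructed change scripts: the first repeats the failing edit from the
# article, the second re-enters both credentials in the same edit.
BAD_CHANGE = 'config user ldap\n edit "ADLDAP"\n  set server "172.31.80.8"\n next\nend\n'
GOOD_CHANGE = ('config user ldap\n edit "ADLDAP"\n  set server "172.31.80.8"\n'
               '  set username "carlos"\n  set password "EXAMPLE-PLACEHOLDER"\n next\nend\n')

if __name__ == "__main__":
    for name, text in (("bad", BAD_CHANGE), ("good", GOOD_CHANGE)):
        print(name, lint_ldap_change(text))
```

Order matters in the check: credentials set before the binding parameter in the same edit are treated as cleared again, matching the behaviour the article describes.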

Note:
There is a known issue 1033972 where trying to change the IP setting from the GUI results in 'Empty values are not allowed'. This issue has been addressed in firmware versions 7.4.10 and 7.6.x.