farhanahmed
Staff
June 12, 2025

Technical Tip: Change FortiAnalyzer/FortiManager LDAP cache timeout

Description

This article describes how to change (decrease or increase) the LDAP query cache timeout on FortiAnalyzer and FortiManager.

Scope

FortiAnalyzer, FortiManager.

Solution

LDAP remote authentication on FortiAnalyzer or FortiManager can be used for admin login or for report LDAP queries. Changes made in LDAP are sometimes not reflected immediately in FortiAnalyzer/FortiManager, which could be due to the ldap-cache-timeout setting.

The default value for the LDAP cache timeout is 86400 seconds (24 hours). This value can be decreased or increased as required:

config system global
    set ldap-cache-timeout <integer> <----- Time in seconds. Can be anywhere from 1 to 31,536,000 (1 year).
    set ldapconntimeout <integer> <----- Time in milliseconds. The default is 60,000.
end
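
To check which values are in effect on a unit, the following added example (not Fortinet code and not part of the original article) parses a pasted `config system global` block and reports the LDAP timeouts, falling back to the defaults stated above when a setting is absent. The `max_cache_seconds` policy ceiling, the sample hostname and the flat (non-nested) block layout are assumptions.

```python
import re

# Values stated in the article for ldap-cache-timeout (seconds).
CACHE_DEFAULT = 86400
CACHE_MIN, CACHE_MAX = 1, 31_536_000
CONN_DEFAULT_MS = 60_000  # article's default for ldapconntimeout

def parse_system_global(cli_text):
    """Return the 'set' pairs found inside 'config system global ... end'."""
    settings, inside = {}, False
    for raw in cli_text.splitlines():
        line = raw.split("<-----")[0].strip()  # drop KB-style annotations
        if line == "config system global":
            inside = True
        elif inside and line == "end":
            break
        elif inside:
            m = re.fullmatch(r"set\s+(\S+)\s+(.+)", line)
            if m:
                settings[m.group(1)] = m.group(2).strip()
    return settings

def audit_ldap_timeouts(cli_text, max_cache_seconds=3600):
    """max_cache_seconds is a hypothetical local policy ceiling."""
    s = parse_system_global(cli_text)
    findings = []
    cache = int(s.get("ldap-cache-timeout", CACHE_DEFAULT))
    conn = int(s.get("ldapconntimeout", CONN_DEFAULT_MS))
    if "ldap-cache-timeout" not in s:
        findings.append("ldap-cache-timeout not set: default 86400 s applies")
    if not CACHE_MIN <= cache <= CACHE_MAX:
        findings.append(f"ldap-cache-timeout {cache} outside 1..31536000")
    elif cache > max_cache_seconds:
        findings.append(f"LDAP changes may take up to {cache} s to appear")
    return {"cache_seconds": cache, "conn_ms": conn, "findings": findings}

# Constructed sample input (hostname is made up).
SAMPLE = """config system global
    set hostname FAZ-LAB
    set ldap-cache-timeout 600
end"""

if __name__ == "__main__":
    print(audit_ldap_timeouts(SAMPLE))
```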

 

Related documents:

LDAP Servers - FortiAnalyzer 7.6.3 administration guide

Technical Tip: Newly created Active Directory groups are not immediately visible