ITHRBruce
New Member
December 2, 2022
Question

Cloning LDAP server works, creating as new doesn't

  • December 2, 2022
  • 1 reply
  • 1563 views

We are replacing our LDAP server, and so I need to create a new LDAP entry on my Fortigate. I clone the current entry, and enter the new LDAP server's IP address, then do the connectivity tests which work. Great, all seems perfectly fine.

However, if I instead select to create the new LDAP server entry (instead of cloning the original one) and enter the correct details, a connectivity test and user credential test fails. So, this makes me concerned that the cloned entry may have a problem, even though it apparently checks out.

I am definitely entering the correct details when I select create, as opposed to clone. Why would clone work and not create? If the created one fails, could there be a problem with the cloned one?

Thank you.

1 reply

Sheikh
Staff
December 2, 2022

Hi @ITHRBruce,

The debug output of the LDAP communication might help you. Could you try the following debugs and see the results when you are using the new LDAP server and when you are using the cloned LDAP server?

You might need to compare those two outputs.

========================================

diagnose debug console timestamp enable
diagnose debug application authd -1
diagnose debug application fnbamd -1
diagnose debug enable

******* now either test the LDAP connection again in the GUI console, or run these commands in the CLI *****

diagnose debug authserver dc test Test@1234

** Where dc is the name of the LDAP server in FortiGate, followed by the username and password. This might not be the same as the actual domain controller name.

regards,

Sheikh
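
To make the comparison Sheikh suggests mechanical, here is an added example (not from this thread or from Fortinet) that strips the timestamps and per-request counters from two debug captures and shows only the lines that differ between the cloned and the newly created entry. The timestamp prefix format and the sample log lines are assumptions for illustration, not real fnbamd output.

```python
"""Normalize and diff two FortiGate debug captures (authd/fnbamd).

Added example, not from the forum thread. Assumes captures were taken with
`diagnose debug console timestamp enable` (assumed 'YYYY-MM-DD HH:MM:SS ' prefix);
the sample lines below are constructed and do not reproduce real fnbamd output.
"""
import difflib
import re
from typing import Iterable, List

# Leading timestamp added by the timestamp debug option (assumed format).
TIMESTAMP_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} ")
# Request/process counters change on every run; mask them so the diff only
# shows differences that matter (server, port, security mode, CN identifier, result).
VOLATILE_RE = re.compile(r"\b(req|id|pid)=\d+\b")

def normalize(lines: Iterable[str]) -> List[str]:
    """Strip timestamps and volatile counters; drop empty lines."""
    out = []
    for line in lines:
        line = TIMESTAMP_RE.sub("", line.rstrip("\n"))
        line = VOLATILE_RE.sub(r"\1=N", line)
        if line.strip():
            out.append(line)
    return out

def diff_debug(cloned: Iterable[str], created: Iterable[str]) -> List[str]:
    """Return only the added/removed lines of a unified diff of the two captures."""
    a, b = normalize(cloned), normalize(created)
    return [d for d in difflib.unified_diff(a, b, "cloned", "created", lineterm="", n=0)
            if d.startswith(("+", "-")) and not d.startswith(("+++", "---"))]

# Constructed sample captures (not real FortiOS output): same server IP, but the
# newly created entry was left with a different port, security mode and CN identifier.
CLONED = [
    "2022-12-02 10:15:30 fnbamd req=41 ldap server 'dc' 192.0.2.10:636 secure=ldaps",
    "2022-12-02 10:15:30 fnbamd req=41 bind dn 'cn=svc,ou=users,dc=example,dc=com'",
    "2022-12-02 10:15:30 fnbamd req=41 cnid 'sAMAccountName' user 'test'",
    "2022-12-02 10:15:31 fnbamd req=41 result: success",
]
CREATED = [
    "2022-12-02 10:16:02 fnbamd req=42 ldap server 'dc-new' 192.0.2.10:389 secure=disable",
    "2022-12-02 10:16:02 fnbamd req=42 bind dn 'cn=svc,ou=users,dc=example,dc=com'",
    "2022-12-02 10:16:02 fnbamd req=42 cnid 'cn' user 'test'",
    "2022-12-02 10:16:02 fnbamd req=42 result: failure",
]

if __name__ == "__main__":
    for line in diff_debug(CLONED, CREATED):
        print(line)
```

Save each debug session to its own file and pass the two line lists in; lines that appear only in the created entry's capture point at the setting that differs from the clone.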

ITHRBruce (Author)
New Member
December 2, 2022

Thanks, I will take a look and let you know.