TobiasHan
New Member
November 10, 2017
Solved

Connect FortiGate over VPN with LDAP-Server

  • November 10, 2017
  • 1 reply
  • 16037 views

Hello,

I want to connect a FortiGate 101E in the "Branch Office" over a VPN tunnel with an LDAP server in the "Main Office".

From the CLI I can ping the LDAP server, but under "User & Device" -> "LDAP-Servers" -> Edit LDAP Server -> "Browse" or "Test Connectivity" I only get "invalid credentials" or "invalid ldap server". But the credentials are OK, and so is the LDAP server.

Does anyone have an idea why I can't get a connection to the LDAP server?

If you need more information, please ask.

Kind regards

Tobias

    Best answer by Carl_Wallmark

    1 reply

    Carl_Wallmark
    New Member
    November 10, 2017

    Hi Tobias,

    Yes, I think I know the problem.

    You need to add "set source-ip x.x.x.x" inside the LDAP object (this must be done in the CLI):

        config user ldap
            edit <name of ldap>
                set source-ip 10.1.2.3    <- for example
        end

    By default the LDAP connection will use the interface IP when it leaves the firewall, and that should be the public IP, which will not route through the tunnel. So set the IP of your internal interface in the LDAP object instead.

    TobiasHan (Author)
    New Member
    November 10, 2017

    Hi Selective,

    I have configured the "set source-ip" in the LDAP object, but it doesn't work.

    I can't reach the LDAP server over the web GUI.

    When I run "diag test authserver ldap ldap-object username password" I get "authenticate username against ldap object failed!"

    Is there a possibility to test the connection over the CLI?

    Regards

    Carl_Wallmark
    New Member
    November 10, 2017

    Hmm, and the IP you set is the internal IP of the firewall, and that IP is routable through the tunnel?
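A way to reproduce the check this thread is chasing from a host on the branch LAN, as an added example that is not code from the thread or from Fortinet: the client socket is bound to a chosen source address (the host-side analogue of `set source-ip`), an LDAPv3 simple bind is sent, and the server's resultCode is decoded, so "invalid credentials" (resultCode 49) can be told apart from "the tunnel never delivered the packets" (a timeout). The server address, bind DN, password and source IP passed to `probe_bind` are assumptions to replace with your own values.

```python
# Added example (not from the thread or Fortinet): LDAPv3 simple-bind probe with a pinned source address.
import socket
# Subset of RFC 4511 resultCodes; 49 is what the GUI shows as "invalid credentials".
LDAP_RESULT_NAMES = {0: "success", 32: "noSuchObject", 34: "invalidDNSyntax", 49: "invalidCredentials"}

def _tlv(tag: int, payload: bytes) -> bytes:
    """BER tag-length-value with short-form length (enough for a bind request)."""
    if len(payload) > 127:
        raise ValueError("payload too long for short-form BER length")
    return bytes([tag, len(payload)]) + payload

def _read_tlv(buf: bytes, pos: int):
    """Decode one BER element at buf[pos]; return (tag, payload, position after it)."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    length = first
    if first & 0x80:                                        # long-form length
        nbytes = first & 0x7F
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    return tag, buf[pos:pos + length], pos + length

def build_simple_bind(msg_id: int, bind_dn: str, password: str) -> bytes:
    """LDAPMessage { messageID, BindRequest { version 3, name, simple password } }."""
    assert 0 < msg_id < 128, "single-octet messageID expected"
    bind_req = _tlv(0x60, _tlv(0x02, b"\x03")               # [APPLICATION 0] BindRequest, version 3
                    + _tlv(0x04, bind_dn.encode())          # name (LDAPDN)
                    + _tlv(0x80, password.encode()))        # authentication [0] simple
    return _tlv(0x30, _tlv(0x02, bytes([msg_id])) + bind_req)

def parse_bind_result(data: bytes) -> int:
    """Return the resultCode from a BindResponse; reject anything that is not one."""
    tag, msg, _ = _read_tlv(data, 0)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage")
    _, _msg_id, pos = _read_tlv(msg, 0)
    op_tag, op, _ = _read_tlv(msg, pos)
    if op_tag != 0x61:                                      # [APPLICATION 1] BindResponse
        raise ValueError(f"expected BindResponse, got tag {op_tag:#x}")
    code_tag, code, _ = _read_tlv(op, 0)
    if code_tag != 0x0A:                                    # ENUMERATED resultCode
        raise ValueError("malformed BindResponse")
    return int.from_bytes(code, "big")

def probe_bind(server_ip: str, bind_dn: str, password: str, source_ip: str, port: int = 389):
    """Bind from source_ip (assumed: a branch LAN address that is routed through the tunnel)."""
    with socket.create_connection((server_ip, port), timeout=5.0, source_address=(source_ip, 0)) as s:
        s.sendall(build_simple_bind(1, bind_dn, password))
        code = parse_bind_result(s.recv(4096))
    return code, LDAP_RESULT_NAMES.get(code, f"resultCode {code}")
```

Call it as `probe_bind("<ldap server ip>", "<bind dn>", "<password>", "<branch lan ip>")`: a resultCode of 49 proves the server was reached through the tunnel but rejected the credentials, while a socket timeout means the path itself is the problem, which is the distinction the GUI's two error messages blur.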