Skip to main content
FortiGator
FortiGator
Visitor III
January 9, 2026
Question

FortiManager LDAP config for use on FGT

  • January 9, 2026
  • 1 reply
  • 267 views

Having an issue I can't figure out and want to see if anyone else has experienced this same issue. I am trying to create an ldap profile in FortiManager to test using OU groups or specific users in firewall policies. Current version of FMG and FGT are 7.4.8. In FMG, Under policy and objects/user & authentication, I am creating the ldap profile and saving (no where to test query or creds). I then go to create an ldap user under user definition and as soon as I select the ldap server I get an operation error message. Doing debugs, it comes back as invalid creds. I have verified the creds were correct many times but still the same.

 

I am also able to create the ldap server on FMG under system settings / remote authentication and the settings work everytime. I also can replicate the same configuration directly on the firewall successfully. Anyone else run into similar issues and find a work around? The only workaround I can think of is to create the ldap server on the FGT and then reimport to FMG but should not have to go that route. 

1 reply

farhanahmed
Staff
farhanahmed
Staff
January 9, 2026

Try using a different binding admin user and see if that helps fetch the AD tree.

It could be ldap-cache-timeout issue try this as well:

https://community.fortinet.com/t5/FortiManager/Technical-Tip-Change-FortiAnalyzer-FortiManager-LDAP-cache/ta-p/396118

FortiGator
FortiGatorAuthor
Visitor III
January 9, 2026

will give a try when I get a chance.

Terms & ConditionsAccessibility statement