lecarbajal
New Member
April 26, 2017
Question

Invalid LDAP server: Timed out |and | Invalid LDAP server: Can't contact LDAP server

  • April 26, 2017
  • 2 replies
  • 14121 views

Hi,

We have a FortiGate 100C running 5.4 code. We want to set up a secondary LDAP server (backup) for SSL users. When we try to connect to the LDAP server (over a VPN tunnel) we get the error message below:

Invalid LDAP server: Timed out | and | Invalid LDAP server: Can't contact LDAP server

We are not blocking the traffic (all ports/IPs permitted). What could be the problem? I tried to reach the server from the firewall, but I need to specify a source IP, otherwise the ping does not work.

Thank you,

    2 replies

    Jeff_FTNT
    Staff
    May 4, 2017

    You may need to increase the LDAP timeout. The default value is 500 milliseconds.

    config system global
        set ldapconntimeout xxx
    end

    andmag
    New Member
    May 11, 2017

    Hi!

    The FG uses the public IP of your WAN interface, so you need to put that in the crypto for the VPN tunnel. Don't forget the host/subnet for the LDAP server on the remote side :)

    emnoc
    New Member
    May 12, 2017

    Negative, you don't have to do that. Just apply a source IP address that is allowed over the VPN tunnel.

    e.g.

    config user ldap
        edit "TESTAD"
            set server "10.12.1.1"
            set secondary-server ''
            set tertiary-server ''
            set source-ip 10.10.10.1
            set cnid "cn"
            set dn ''
            set type simple
            set group-member-check user-attr
            set secure disable
            set port 389
            set password-expiry-warning disable
            set password-renewal disable
            set member-attr "memberOf"
            unset search-type
        next
    end

    In this case 10.0.10.1 would be my FortiGate inside LAN address, loopback, etc.

     

    Ken
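To make the two points raised in this thread concrete, here is an added example (not code from the thread, from Fortinet, or from FortiOS; the FortiOS CLI itself is not something you can run on a workstation). It reproduces the thread's diagnosis in plain Python: first, whether the address the firewall would source the LDAP query from falls inside the tunnel's phase-2 selectors at all (emnoc's source-ip point; without it the query leaves from the egress interface address and never enters the tunnel), and second, a TCP connect to the LDAP port with an explicit source address and a short timeout, which separates "Timed out" (no reply at all) from "Can't contact LDAP server" (reset or unreachable). The subnets 10.10.10.0/24 and 10.12.1.0/24, the WAN address 203.0.113.5 and the 500 ms default are all assumed values chosen to match the thread, not anything read from a real firewall.

```python
"""Reachability probe for an LDAP server reached across a VPN tunnel.

Constructed example. Two checks: (1) does src -> dst match a phase-2
selector pair, (2) does a TCP connect from that source address succeed
within the timeout. Run as a script for a demo that needs no network.
"""
import ipaddress
import socket

# Assumed phase-2 selectors as (local subnet, remote subnet): the FortiGate's
# inside LAN on the left, the remote site holding the LDAP server on the right.
SELECTORS = [("10.10.10.0/24", "10.12.1.0/24")]

# Assumed public WAN address of the FortiGate (documentation range) and the
# LDAP server from the posted config.
WAN_IP = "203.0.113.5"
LDAP_SERVER = "10.12.1.1"


def tunnel_covers(src_ip, dst_ip, selectors):
    """True if a packet src_ip -> dst_ip matches some phase-2 selector pair.

    Without `set source-ip`, the firewall sources the LDAP query from the
    egress interface address; if that address sits outside every local
    selector, the packet is never encrypted into the tunnel and the
    connect attempt simply times out.
    """
    src = ipaddress.ip_address(src_ip)
    dst = ipaddress.ip_address(dst_ip)
    for local, remote in selectors:
        if src in ipaddress.ip_network(local) and dst in ipaddress.ip_network(remote):
            return True
    return False


def probe_ldap(server, port=389, source_ip=None, timeout_ms=500):
    """TCP connect to server:port from source_ip within timeout_ms.

    Returns "ok", "timed_out" or "cant_contact". The 500 ms default mirrors
    the ldapconntimeout default quoted earlier in the thread.
    """
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout_ms / 1000.0)
    try:
        if source_ip:
            # Equivalent of `set source-ip`: choose the address the query leaves from.
            sock.bind((source_ip, 0))
        sock.connect((server, port))
        return "ok"
    except socket.timeout:
        return "timed_out"        # no SYN-ACK at all: traffic not reaching the server
    except OSError:
        return "cant_contact"     # ECONNREFUSED / EHOSTUNREACH / EADDRNOTAVAIL ...
    finally:
        sock.close()


def demo_local_listener():
    """Exercise probe_ldap offline: probe a throwaway loopback listener while
    it is open, then again after it is closed. Returns (status_open, status_closed)."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    port = listener.getsockname()[1]
    while_open = probe_ldap("127.0.0.1", port, source_ip="127.0.0.1")
    listener.close()
    after_close = probe_ldap("127.0.0.1", port, source_ip="127.0.0.1")
    return while_open, after_close


if __name__ == "__main__":
    for src in (WAN_IP, "10.10.10.1"):
        covered = tunnel_covers(src, LDAP_SERVER, SELECTORS)
        print(f"source {src} -> {LDAP_SERVER}: inside tunnel selectors = {covered}")
    print("loopback demo (open, closed):", demo_local_listener())
```

Run the script from a host that can source traffic the same way the firewall does (an inside LAN address) and compare the results with and without the source address: the WAN address fails the selector check before any packet is sent, which is exactly why the firewall's own check reports a timeout rather than a refusal. On the FortiGate itself the comparable step is `execute ping-options source <inside-ip>` before pinging the LDAP server, matching the observation in the question that the ping only works once a source IP is given.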

    akatzkac
    New Member
    June 26, 2017

    Emnoc's source-ip assignment did the trick for me.