LDAPS and Forti products
So I enabled LDAPS on FortiGate, FortiADC, FortiVoice, FortiAnalyzer and did NOT upload the RootCA to any of them, and LDAP is still working.
For FortiAnalyzer I enabled debugging. So not sure if a cert is required on the Forti side of things?
This is what I get with no CERT applied:
2025-11-12 13:16:16 s121: auth request: user= from=GUI
2025-11-12 13:16:16 s121: found admin:
2025-11-12 13:16:16 s121: start ldap: LDAP
2025-11-12 13:16:16 s121:LDAP: connecting to server 0: IPhere ip= port=636/tcp
2025-11-12 13:16:16 s121:LDAP: connected
2025-11-12 13:16:16 s121:LDAP: url: ldaps://IPhere:636
2025-11-12 13:16:16 s121:LDAP: starting tls: ca=
2025-11-12 13:16:16 s121:LDAP: binding admin: FortiSA
2025-11-12 13:16:16 s121:LDAP: got result: Success(0)
And here is what I get when a CERT is applied.
2025-11-12 13:16:16 s121: auth request: user= from=GUI
2025-11-12 13:16:16 s121: found admin:
2025-11-12 13:16:16 s121: start ldap: LDAP
2025-11-12 13:16:16 s121:LDAP: connecting to server 0: HOSTNAMEHERE ip= port=636/tcp
2025-11-12 13:16:16 s121:LDAP: connected
2025-11-12 13:16:16 s121:LDAP: url: ldaps://HOSTNAME:636
2025-11-12 13:16:16 s121:LDAP: starting tls: ca=Root
2025-11-12 13:16:16 s121:LDAP: binding admin: FortiSA
2025-11-12 13:16:16 s121:LDAP: got result: Success(0)
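
Added example, not part of the original post: a small script that parses debug output in the format shown above and labels each LDAPS bind by whether the `starting tls: ca=` line names a CA. It assumes an empty `ca=` value means no CA certificate was selected for that connection; the sample lines are constructed from the two traces above, and the function names are hypothetical.

```python
import re

# Constructed sample in the format of the debug output above (placeholders kept).
SAMPLE = """\
2025-11-12 13:16:16 s121: auth request: user= from=GUI
2025-11-12 13:16:16 s121:LDAP: connecting to server 0: IPhere ip= port=636/tcp
2025-11-12 13:16:16 s121:LDAP: url: ldaps://IPhere:636
2025-11-12 13:16:16 s121:LDAP: starting tls: ca=
2025-11-12 13:16:16 s121:LDAP: got result: Success(0)
2025-11-12 13:16:16 s121: auth request: user= from=GUI
2025-11-12 13:16:16 s121:LDAP: url: ldaps://HOSTNAME:636
2025-11-12 13:16:16 s121:LDAP: starting tls: ca=Root
2025-11-12 13:16:16 s121:LDAP: got result: Success(0)
"""

# date, time, session id, optional "LDAP:" tag, then the message text
LINE = re.compile(r"^\S+ \S+ (s\d+):\s*(?:LDAP:\s*)?(.*)$")

def parse_attempts(text):
    """Split debug output into auth attempts; each 'auth request' starts one."""
    attempts, current = [], None
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        session, msg = m.groups()
        # Session ids can repeat, so the 'auth request' line is the delimiter.
        if msg.startswith("auth request:") or current is None:
            current = {"session": session, "url": None, "ca": None, "result": None}
            attempts.append(current)
        if msg.startswith("url: "):
            current["url"] = msg[5:].strip()
        elif msg.startswith("starting tls: ca="):
            current["ca"] = msg.split("ca=", 1)[1].strip()
        elif msg.startswith("got result: "):
            current["result"] = msg[12:].strip()
    return attempts

def audit(attempts):
    """Return (url, ca, result, verdict) per attempt.
    Assumption: an empty ca= means no CA certificate was selected."""
    out = []
    for a in attempts:
        ldaps = (a["url"] or "").startswith("ldaps://")
        verdict = "not-ldaps" if not ldaps else ("ca-set" if a["ca"] else "no-ca")
        out.append((a["url"], a["ca"] or "", a["result"], verdict))
    return out
```

A `no-ca` row with `Success(0)` marks a bind that completed over TLS without a CA being named in the trace, which is the case the first log shows.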
