AliE
New Member
April 21, 2022
Question

Problem import user LDAP UNIX (OpenLDAP) FortiAuthenticator

  • April 21, 2022
  • 3 replies
  • 2871 views

 

Hi all,
We have an LDAP UNIX server and we want to connect FAC to the LDAP. We can see all of the users, but we can't import users (Remote Users => Import). When we try to import users, an error message appears: Unable to import "uid=****,ou=users,ou=**,dc=**,dc=***": entry does not match the configured filter.

[screenshot attachment]

Any help would be appreciated.
Thanks,

Ali

3 replies

Anthony_E
Staff
April 24, 2022

Hello AliE,

 

I have found this document:

 

https://community.fortinet.com/t5/FortiAuthenticator/Troubleshooting-Tip-Unable-to-import-remote-LDAP-user/ta-p/202235

 

Could you please have a look and tell me if it helped?

If not, we will continue to look for another solution.

 

Regards,

Best Regards
Debbie_FTNT
Staff & Editor
April 25, 2022

Hey Ali,

maybe a stupid question - if you don't set a filter for 'ObjectClass=person', can you import the user, or does that also result in an error?

In addition, it may be worth checking in your remote LDAP server settings on FortiAuthenticator that you have the correct mapping for the username attribute etc.

xsilver_FTNT
Staff
April 27, 2022

Hi,

As the error is "entry does not match the configured filter" and it is supposed to be OpenLDAP, I would check and make sure that the proper template is used in your FortiAuthenticator LDAP server config, and more importantly that it fits your OpenLDAP and the schemas it uses. Use some LDAP browser (MSFT Windows does have one built in, ldp.exe, but it's ugly and not user friendly, honestly) to check what your users and their properties are.

 

Example from my test OpenLDAP:

[screenshot attachment]

 

 

Because your configured LDAP filter is: (objectClass=person)

Check your OpenLDAP and properties of so called user objects.

Check and make sure that they are objectClass = person.

Because some of mine are, for example, "objectClass = inetOrgPerson; posixAccount", not a "person"!

 

That filter might come from the default setting in FortiAuthenticator and from the applied OpenLDAP template in the LDAP Remote Auth. Server config. Its default looks like this:

[screenshot attachment]

 

Feel free to tweak those settings according to your OpenLDAP server.
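As an added example (not from the thread, nor Fortinet's or OpenLDAP's code), the check described above can be rehearsed offline: the script below parses an LDAP search filter such as the template default (objectClass=person) and evaluates it against user entries, showing that a POSIX-only account is rejected by that filter while a wider filter accepts it. The user entries and the wider filter string are assumptions constructed for the example, not real directory data.

```python
# Added example (not from the thread): a small evaluator for LDAP search filters
# (RFC 4515 subset: equality, presence, &, |, !) to check offline whether an entry
# matches the filter FortiAuthenticator applies on import. Entries are constructed.

def parse_filter(text):
    """Parse a filter into a tuple tree: ('=', attr, value), ('&', [...]),
    ('|', [...]) or ('!', node). Raises ValueError on malformed input."""
    def parse(i):
        if i >= len(text) or text[i] != "(":
            raise ValueError(f"expected '(' at offset {i}")
        op = text[i + 1] if i + 1 < len(text) else ")"
        if op in "&|!":
            items, i = [], i + 2
            while i < len(text) and text[i] == "(":
                node, i = parse(i)
                items.append(node)
            if i >= len(text) or text[i] != ")" or (op == "!" and len(items) != 1):
                raise ValueError(f"bad compound filter near offset {i}")
            return (op, items[0] if op == "!" else items), i + 1
        end = text.index(")", i)  # raises ValueError if the ')' is missing
        attr, sep, value = text[i + 1:end].partition("=")
        if not sep or not attr.strip():
            raise ValueError(f"bad assertion near offset {i}")
        return ("=", attr.strip().lower(), value.strip()), end + 1
    node, end = parse(0)
    if end != len(text):
        raise ValueError("trailing characters after filter")
    return node

def matches(node, entry):
    """Evaluate a parsed filter against {attribute: [values]}, case-insensitively."""
    kind = node[0]
    if kind == "&":
        return all(matches(n, entry) for n in node[1])
    if kind == "|":
        return any(matches(n, entry) for n in node[1])
    if kind == "!":
        return not matches(node[1], entry)
    _, attr, value = node
    values = [str(v).lower() for k, vs in entry.items() if k.lower() == attr for v in vs]
    return bool(values) if value == "*" else value.lower() in values  # presence vs equality

def would_import(entry, ldap_filter):
    return matches(parse_filter(ldap_filter), entry)  # True if the configured filter accepts it

# Constructed OpenLDAP-style entries: one is a 'person', one is POSIX-only.
PERSON_USER = {"uid": ["alice"], "objectClass": ["top", "person", "inetOrgPerson"]}
POSIX_USER = {"uid": ["bob"], "objectClass": ["top", "account", "posixAccount"]}
DEFAULT_FILTER = "(objectClass=person)"  # the template default shown in the thread
WIDER_FILTER = "(|(objectClass=person)(objectClass=posixAccount))"
```

Running the same filter against an entry exported from the LDAP browser (as a dict of attribute to value list) tells you before touching FortiAuthenticator whether the template filter or the entry's objectClass values need adjusting.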

 

 

FTNT-UFO
New Member
August 29, 2023

I have hit a similar issue, have created a new thread here, if someone can help. https://community.fortinet.com/t5/Support-Forum/Not-able-to-import-Open-LDAP-user-to-FortiAuthenticator/td-p/270847