FortiAuthenticator
FortiAuthenticator provides centralized authentication services for the Fortinet Security Fabric including multi-factor authentication, single sign-on services, certificate management, and guest management.
shikhakolekar
Article Id 401565

Description

 

This article describes how to resolve the remote LDAP user sync error 'ldap_search_ext_s search failed: Timed out' on FortiAuthenticator.

 

In this case, a remote user sync rule has been created to add remote LDAP users to FortiAuthenticator. The symptom observed is that the users do not appear under Authentication -> User Management -> Remote Users.

 

Some slowness may also be observed when listing the LDAP users by browsing the LDAP server from FortiAuthenticator.

 

Scope

 

FortiAuthenticator.

 

Solution

 

Step 1: Verify that the user is visible in the LDAP tree. In this example, the user created on the LDAP server is 'User1013'.

 

[Screenshot: users listed on AD]

 

 

Step 2: On the sync rule that was created, check the filter applied. Navigate to Authentication -> User Management -> Remote User Sync Rules. Ensure that the filter correctly specifies the OU and the group the user is a member of. Verify this with the 'Test filter' option; it should return the OU and the group that the user is part of.

 

[Screenshot: LDAP filter in the sync rule]

 

If the test fails, correct the filter as described in the KB article 'Technical Tip: LDAP filter syntax for groups and remote user sync rules'. If the test succeeds, proceed with step 3.

 

Note:

When using the filter '(&(objectClass=user)(memberOf:1.2.840.113556.1.4.1941:=cn=group1,ou=FED_BU,dc=test,dc=training,dc=lab))', the matching rule 1.2.840.113556.1.4.1941 (LDAP_MATCHING_RULE_IN_CHAIN, Active Directory only) makes the search return users that are members of group1 through any chain of nested groups, not only direct members. Note the closing parenthesis for the '&' clause and the absence of whitespace before the commas in the group DN: a space before a comma becomes part of the RDN value and the group DN then matches nothing. This recursive match is more expensive for the domain controller than a plain memberOf comparison, so on large directories it can by itself push the query past the LDAP response timeout.

 

Step 3: Perform a manual sync. Then search for the user under Authentication -> User Management -> Remote Users. If the user is still not present, navigate to Logging -> Log Access -> Logs to confirm whether the sync has failed.

 

[Screenshot: failed sync error in the logs]

 

Error messages (from Logging -> Log Access -> Logs):

Performing remote LDAP user sync (rule: Test LDAP Sync rule) with AHAM_AD (10.10.20.1).
Unable to query remote LDAP server AHAM_AD (10.10.20.1) for users to sync (rule Test LDAP Sync rule): ldap_search_ext_s search failed: Timed out
Failed to sync (rule: Test LDAP Sync rule) with AHAM_AD: Unable to query remote LDAP server AHAM_AD (10.10.20.1) for users to sync (rule Test LDAP Sync rule :ldap_search_ext_s search failed: Timed out

 

Step 4: Increase the timeout value for LDAP authentication. Navigate to Authentication -> Remote Auth. Servers -> General and raise the LDAP Server Response Timeout from its current value of 5 seconds to 20 or 25 seconds, then run the sync again.

 

This should resolve the error 'ldap_search_ext_s search failed: Timed out'. If the timeout has to be raised repeatedly, the query itself is the problem rather than the timeout: narrow the base DN and the filter so the domain controller has less to evaluate, check the network latency between FortiAuthenticator and the LDAP server, and keep in mind that the nested-group matching rule described in the Note above is costly on large directories.
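The following is an added example for this article, not Fortinet code: it builds the nested-group filter from the Note with correct RFC 4515 escaping, checks a sync rule filter offline for the two mistakes that most often make the search fail (unbalanced parentheses and whitespace before a comma in the group DN, both present in the filter as printed in the Note), and flags the timeout entries from step 3 in a log excerpt. The group DN, the filter and the log lines are constructed from the article's screenshots and log text; the only real constant is the Active Directory OID for LDAP_MATCHING_RULE_IN_CHAIN.

```python
"""Offline checks for a FortiAuthenticator remote user sync filter and its logs.

Added example for this article, not Fortinet code. The group DN, the filter
and the log lines are constructed from the article; the only real constant is
the Active Directory OID for LDAP_MATCHING_RULE_IN_CHAIN.
"""
import re

# Extensible match rule that walks nested group membership (Active Directory only).
LDAP_MATCHING_RULE_IN_CHAIN = "1.2.840.113556.1.4.1941"

# Exact failure text seen in the article's sync log.
TIMEOUT_MARKER = "ldap_search_ext_s search failed: Timed out"


def escape_filter_value(value: str) -> str:
    """Escape a value for use inside an RFC 4515 search filter."""
    return "".join("\\%02x" % ord(ch) if ch in "\\*()\x00" else ch for ch in value)


def nested_group_filter(group_dn: str, object_class: str = "user") -> str:
    """Filter matching direct and nested members of group_dn (the article's Note)."""
    return "(&(objectClass=%s)(memberOf:%s:=%s))" % (
        escape_filter_value(object_class),
        LDAP_MATCHING_RULE_IN_CHAIN,
        escape_filter_value(group_dn),
    )


def check_filter(flt: str) -> list:
    """Return the problems found in a sync rule filter (empty list means it looks fine).

    Two mistakes are caught: unbalanced parentheses, which make the server reject
    the search, and whitespace before a comma inside a DN, which becomes part of
    the RDN value and makes the group DN match nothing.
    """
    problems = []
    if not flt.startswith("("):
        problems.append("filter must start with '('")
    depth = 0
    for offset, ch in enumerate(flt):
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
            if depth < 0:
                problems.append("unexpected ')' at offset %d" % offset)
                depth = 0
    if depth > 0:
        problems.append("%d unclosed '('" % depth)
    for m in re.finditer(r"[^\s,]*\s+,", flt):
        problems.append("whitespace before ',' in DN near %r" % m.group(0))
    return problems


# Matches both forms of the timeout message in the article's log excerpt
# (the second one has a stray space and no closing parenthesis after the rule name).
_TIMEOUT_RE = re.compile(
    r"Unable to query remote LDAP server (?P<server>\S+) \((?P<ip>[\d.]+)\) "
    r"for users to sync \(rule (?P<rule>.+?)\s*\)?\s*:\s*" + re.escape(TIMEOUT_MARKER)
)


def sync_timeouts(log_lines):
    """Return one dict (server, ip, rule) per log line reporting the sync query timing out."""
    hits = []
    for line in log_lines:
        m = _TIMEOUT_RE.search(line)
        if m:
            hits.append(m.groupdict())
    return hits


# Constructed sample data mirroring the article.
GROUP_DN = "cn=group1,ou=FED_BU,dc=test,dc=training,dc=lab"
# Filter as printed in the article's Note: a stray space before a comma and a
# missing closing parenthesis for the '&'.
ARTICLE_FILTER = ("(&(objectClass=user)(memberOf:1.2.840.113556.1.4.1941:="
                  "cn=group1,ou=FED_BU ,dc=test,dc=training,dc=lab)")
ARTICLE_LOG = [
    "Performing remote LDAP user sync (rule: Test LDAP Sync rule) with AHAM_AD (10.10.20.1).",
    "Unable to query remote LDAP server AHAM_AD (10.10.20.1) for users to sync "
    "(rule Test LDAP Sync rule): ldap_search_ext_s search failed: Timed out",
    "Failed to sync (rule: Test LDAP Sync rule) with AHAM_AD: Unable to query remote "
    "LDAP server AHAM_AD (10.10.20.1) for users to sync (rule Test LDAP Sync rule "
    ":ldap_search_ext_s search failed: Timed out",
]

if __name__ == "__main__":
    print("problems in article filter:", check_filter(ARTICLE_FILTER))
    good = nested_group_filter(GROUP_DN)
    print("corrected filter:", good, check_filter(good))
    for hit in sync_timeouts(ARTICLE_LOG):
        print("timed out: rule %(rule)r against %(server)s (%(ip)s)" % hit)
```

The script never contacts the LDAP server; it only validates what will be sent. To time the same search outside FortiAuthenticator and separate a slow directory from a slow network, run the corrected filter against the same base DN with OpenLDAP's ldapsearch, whose -l option sets the search time limit in seconds.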