slovepreet
Staff
Article Id 252955
Description

This article describes how to troubleshoot the 'Invalid LDAP server' Error.

Scope

FortiGate.
Solution

Sometimes the FortiGate connects to the LDAP server successfully and is able to authenticate the username against it.

However, when it tries to pull the group information, it gives the error 'Invalid LDAP server'.

It will keep loading as shown in the picture.

 
error.jpg.png
 
  • Finally, it will give the error 'Invalid LDAP server'.
  • If a Wireshark capture is run, 'abandon request' information will appear:

 

Picture1.png

  • The abandon request occurs when the FortiGate sends a request to the LDAP server and does not receive a response within a certain time; it then sends the abandon request to stop the operation.
  • There can be multiple reasons for this, but one is latency in the customer environment, which prevents the operation from completing.
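
The abandon request described above can be confirmed from capture data. The following Python is an added example, not Fortinet code: it decodes the outer BER layer of each LDAP message, matches every abandonRequest to the operation it cancels, and reports how long the client waited. The frame bytes and timestamps are constructed, and it assumes cleartext LDAP payloads with one LDAPMessage each.

```python
OPS = {0x60: "bindRequest", 0x61: "bindResponse", 0x63: "searchRequest",
       0x64: "searchResEntry", 0x65: "searchResDone", 0x50: "abandonRequest"}

def read_tlv(buf, pos):
    """Decode one BER TLV at pos; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated TLV value")
    return tag, buf[pos:pos + length], pos + length

def parse_ldap_message(payload):
    """Return (message_id, operation_name, operation_value) for one LDAPMessage."""
    tag, body, _ = read_tlv(payload, 0)
    id_tag, mid, pos = read_tlv(body, 0)
    if tag != 0x30 or id_tag != 0x02:
        raise ValueError("not an LDAPMessage")
    op_tag, value, _ = read_tlv(body, pos)
    return int.from_bytes(mid, "big"), OPS.get(op_tag, hex(op_tag)), value

def find_abandoned(frames):
    """frames: (timestamp_seconds, payload) pairs; returns (id, operation, seconds_waited)."""
    pending, hits = {}, []
    for ts, payload in frames:
        mid, op, value = parse_ldap_message(payload)
        if op == "abandonRequest":
            target = int.from_bytes(value, "big")  # ID of the operation being cancelled
            if target in pending:
                name, sent = pending.pop(target)
                hits.append((target, name, ts - sent))
        elif op.endswith("Request"):
            pending[mid] = (op, ts)
        elif op in ("bindResponse", "searchResDone"):
            pending.pop(mid, None)  # operation completed normally
    return hits

SAMPLE_FRAMES = [  # constructed for this example: bind succeeds, search gets no reply
    (0.0, bytes.fromhex("300c020101600702010304008000")),
    (0.25, bytes.fromhex("300c02010161070a010004000400")),
    (0.5, bytes.fromhex("3025020102632004000a01020a0100020100020100010100"
                        "870b6f626a656374636c6173733000")),
    (5.5, bytes.fromhex("3006020103500102")),
]

print(find_abandoned(SAMPLE_FRAMES))
```

If the reported wait matches the configured remoteauthtimeout, the timeout change in the solution below is the relevant fix.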
 

Solution:

 

  • To resolve this issue, increase the value of the remote authentication timeout:

 # config system global

     set remoteauthtimeout 300 <-----  Default value is set to 5

 end

 

For further LDAP troubleshooting, refer to the article below:

https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-Fortigate-LDAP/ta-p/196280

 

  • It is also possible to try setting the BIND type on the LDAP server to Regular and entering the credentials.
  • After that, go back and check again whether it still shows the same error.

 

If the issue persists, contact Fortinet Support.