Created on 04-18-2023 10:08 PM Edited on 12-15-2024 03:00 PM By Stephen_G
Description: This article describes how to troubleshoot the 'Invalid LDAP server' error.
Scope: FortiGate.
Solution:
Sometimes the FortiGate connects to the LDAP server successfully and can authenticate the username against it, but when it tries to pull the group information it returns the error 'Invalid LDAP server' and keeps loading, as shown in the picture.
Solution:
Ideally this issue does not appear. The cause is that the remote LDAP server is not responding in time, so address that with the network and server team responsible. To work around the issue, it is possible to increase the remote authentication timeout:
config system global
    set remoteauthtimeout 300   <----- The default value is 5 seconds, the same value the packet capture showed above.
end
For further LDAP troubleshooting, refer to this article: Troubleshooting Tip: FortiGate LDAP.
To convert a packet capture to a Wireshark-readable format, see: Technical Tip: How to import 'diagnose sniffer packet' data to WireShark.
If the issue persists, contact Fortinet Support.
It is also possible to receive an 'Invalid LDAP server' error from a FortiGate LDAP server object while performing a DN query:
If the error below appears in the fnbamd debug output and in the LDAP packet capture, it indicates a binding issue that has to be corrected on the AD server. In this scenario the FortiGate still reports 'Invalid LDAP server', but the debug and the capture show 'In order to perform this operation a successful bind must be completed on the connection':

[1186] fnbamd_ldap_parse_response-Error 1(000004DC: LdapErr: DSID-0C090BA8, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v3839)

The issue can be addressed from the Microsoft side by adding a registry entry on the Windows Server. See this document.
Once the steps above are completed, the packet capture may show that the bind from the FortiGate succeeds but the LDAP server still replies with an operations error: 'In order to perform this operation, a successful bind must be completed on the connection'. This is an issue on the LDAP server side, so check for recent changes or updates on the LDAP server.
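The two root causes on this page, a slow LDAP server that exceeds remoteauthtimeout and a server that rejects the query with 000004DC because no successful bind preceded it, produce the same 'Invalid LDAP server' symptom. The following Python triage helper is an added example, not Fortinet's code: it parses the fnbamd debug line quoted above and, combined with the server response time read from the packet capture, returns which case the evidence matches. The sample debug line is copied from this article; the response-time values, verdict names and recommendation strings are constructed for illustration. 0x4DC (1244) is the standard Windows error ERROR_NOT_AUTHENTICATED that the LdapErr string carries.

```python
import re
from dataclasses import dataclass
from typing import Iterable, Optional

# Microsoft AD diagnostic string as it appears inside the fnbamd debug line,
# e.g. "000004DC: LdapErr: DSID-0C090BA8, comment: ..., data 0, v3839".
LDAPERR_RE = re.compile(
    r"(?P<win32>[0-9A-Fa-f]{8}): LdapErr: DSID-(?P<dsid>[0-9A-Fa-f]+), "
    r"comment: (?P<comment>.*?), data (?P<data>[0-9A-Fa-f]+), v(?P<ver>\w+)"
)
# fnbamd prefixes the diagnostic with the LDAP resultCode: "...-Error 1(".
RESULT_CODE_RE = re.compile(r"Error (?P<code>\d+)\(")

# LDAP resultCode names (RFC 4511) relevant to this page.
LDAP_RESULT_NAMES = {0: "success", 1: "operationsError", 49: "invalidCredentials"}

# Windows error 0x4DC (1244) = ERROR_NOT_AUTHENTICATED: the request was sent
# on a connection that has not completed a successful bind.
ERROR_NOT_AUTHENTICATED = 0x4DC

# Default FortiGate remoteauthtimeout in seconds, as stated on this page.
DEFAULT_REMOTEAUTHTIMEOUT = 5

# Verdict names are constructed for this example.
BIND_REQUIRED = "bind_required"     # fix the bind on the AD / LDAP server side
SERVER_TIMEOUT = "server_timeout"   # server slower than remoteauthtimeout
NO_FINDING = "no_finding"

RECOMMENDATIONS = {
    BIND_REQUIRED: "LDAP server rejected the query because no successful bind "
                   "preceded it: fix the bind on the AD side (registry change on "
                   "the Windows Server) and check for server-side changes.",
    SERVER_TIMEOUT: "LDAP server answered slower than remoteauthtimeout: involve "
                    "the network/server team and, as a workaround, raise "
                    "'set remoteauthtimeout' under 'config system global'.",
    NO_FINDING: "No known signature found: collect fnbamd debug and a packet "
                "capture, or contact Fortinet Support.",
}


@dataclass
class LdapDiag:
    result_code: Optional[int]   # LDAP resultCode reported by fnbamd
    result_name: str
    win32_error: int             # Windows error code from the LdapErr string
    dsid: str
    comment: str


def parse_fnbamd_line(line: str) -> Optional[LdapDiag]:
    """Extract the LDAP diagnostic from one fnbamd debug line, or None."""
    m = LDAPERR_RE.search(line)
    if not m:
        return None
    rc = RESULT_CODE_RE.search(line)
    code = int(rc.group("code")) if rc else None
    return LdapDiag(
        result_code=code,
        result_name=LDAP_RESULT_NAMES.get(code, "unknown"),
        win32_error=int(m.group("win32"), 16),
        dsid=m.group("dsid"),
        comment=m.group("comment"),
    )


def triage(debug_lines: Iterable[str], server_response_seconds: Optional[float],
           remoteauthtimeout: int = DEFAULT_REMOTEAUTHTIMEOUT) -> str:
    """Decide which root cause on this page matches the collected evidence.

    server_response_seconds is how long the LDAP server took to answer the
    group query in the packet capture (None if it never answered).
    """
    for line in debug_lines:
        diag = parse_fnbamd_line(line)
        if diag and diag.win32_error == ERROR_NOT_AUTHENTICATED:
            return BIND_REQUIRED
    if server_response_seconds is None or server_response_seconds >= remoteauthtimeout:
        return SERVER_TIMEOUT
    return NO_FINDING


# Debug line copied from this article; the response times below are constructed.
SAMPLE_DEBUG = [
    "[1186] fnbamd_ldap_parse_response-Error 1(000004DC: LdapErr: DSID-0C090BA8, "
    "comment: In order to perform this operation a successful bind must be "
    "completed on the connection., data 0, v3839)",
]

if __name__ == "__main__":
    diag = parse_fnbamd_line(SAMPLE_DEBUG[0])
    print(f"resultCode={diag.result_code} ({diag.result_name}) "
          f"win32=0x{diag.win32_error:X} comment={diag.comment!r}")
    for lines, secs in [(SAMPLE_DEBUG, 0.2), ([], 7.5), ([], 0.3)]:
        verdict = triage(lines, secs)
        print(f"{verdict}: {RECOMMENDATIONS[verdict]}")
```

The bind check is evaluated first because it is a definite server-side rejection, whereas a slow response only becomes a finding once it reaches the configured remoteauthtimeout; raising the timeout with the same evidence therefore flips the verdict to no finding, which is what the workaround on this page is meant to achieve.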
Copyright 2025 Fortinet, Inc. All Rights Reserved.