Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
athirat
Staff
Staff

Created on ‎04-21-2020 12:10 AM

Technical Tip: Increase the LDAP query timeout

Description
This article describes how to increase the timeout on FortiGate for LDAP query.

Solution
In some cases, the LDAP server are not directly connected to FortiGate and due to delay in the path, the LDAP query is not recording a timeout.

'fnbamd debugs' on FortiGate will record an entry.
2020-03-17 20:27:50 [823] __ldap_timeout-
2020-03-17 20:27:50 [798] __ldap_try_next_server-LDAP 'LDAP' conn failed, svr: ldap-test
2020-03-17 20:27:50 [764] __ldap_error-
2020-03-17 20:27:50 [753] __ldap_stop-svr 'LDAP'
2020-03-17 20:27:50 [3246] fnbamd_ldap_result-Error (3) for req 608660764
In this case, 2 timeout values need to be taken into account.
# config sys global
    set remoteauthtimeout <in seconds>                                  <----- By default 5 seconds.
    set ldapconntimeout <in milliseconds>                             <----- By default 500 milliseconds.
end
Increasing these timeouts will result in a successful LDAP query.

3618
0 Kudos
Contributors

Contact Us