Technical Tip: LDAP Error message ‘fnbamd_ldap_parse_response-Error 34’

btey · ‎01-06-2021

Description
This article describes what debug log means when ‘fnbamd_ldap_parse_response-Error 34’ is checked and what is the solution to fix it.

When the client accesses the LDAP Server via FortiGate , the error messages captured by FortiGate is showing as below, and cannot access to it normally.

Solution
In fnbamd debug logs, the error message is founded when tried to log on via the LDAP server.

[981] __ldap_rxtx-state 11(DN search)
[751] fnbamd_ldap_build_dn_search_req-base:'dc=test\2C dc=lab' filter:sAMAccountName=xxxx
[981] __ldap_rxtx-state 12(DN search resp)
[1127] __fnbamd_ldap_read-Read 8
[1127] __fnbamd_ldap_read-Read 94
[1307] fnbamd_ldap_recv-Response len: 96, svr: x.x.x.x
[988] fnbamd_ldap_parse_response-Got one MESSAGE. ID:2, type:search-result
[1010] fnbamd_ldap_parse_response-Error 34(0000208F: LdapErr: DSID-0C090A90, comment: Error processing name, data 0, v4563)
[1023] fnbamd_ldap_parse_response-ret=34

LDAP Error Codes, LDAP Error Codes is a Result Code indicating something went wrong.

Error LDAP 34: Invalid syntax for DN

Check on the DN syntax in the LDAP configuration.
Example:

# config user ldap
    edit "LDAP_Server"
        set server "X.X.X.X"
        set cnid "sAMAccountName"
        set dn "dc=test, dc=lab"                <----- Set dn 'dc=test,dc=lab', additional space between.
end

Refer to https://tools.ietf.org/html/rfc2253 for UTF-8 String Representation of Distinguished Names.

Technical Tip: LDAP Error message ‘fnbamd_ldap_parse_response-Error 34’

You are leaving our website