Article Id 277689

This article describes how to fix the LDAP connection status 'Strong(er) authentication required'.


Under Users & Authentication -> LDAP Servers, double-click the LDAP server name. The connection status shows 'Strong(er) authentication required'.





Based on the logs:

2023-08-14 16:06:10 [987] fnbamd_ldap_parse_response-Got one MESSAGE. ID:1, type:bind
2023-08-14 16:06:10 [1009] fnbamd_ldap_parse_response-Error 8(00002028: LdapErr: DSID-0C090276, comment: The server requires binds to turn on integrity checking if SSL\TLS are not already active on the connection, data 0, v2580) ---> Error sent by LDAP Server
2023-08-14 16:06:10 [1023] fnbamd_ldap_parse_response-ret=8
2023-08-14 16:06:10 [785] __ldap_done-svr 'Forti-LDAP'
2023-08-14 16:06:10 [755] __ldap_destroy-
2023-08-14 16:06:10 [724] __ldap_stop-Conn with destroyed.
2023-08-14 16:06:10 [216] fnbamd_comm_send_result-Sending result 1 (nid 0) for req1885254761, len=2148
2023-08-14 16:06:10 [789] destroy_auth_session-delete session 1885254761
2023-08-14 16:06:10 [755] __ldap_destroy-
authenticate 'it-administrator' against 'Forti-LDAP' failed!
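
The log excerpt above can be triaged mechanically. The following is an added example, not Fortinet's code: it assumes fnbamd debug output in the format shown here, rejoins hard-wrapped lines, and extracts the LDAP result code, the DSID and the failing user and server. The function names are hypothetical.

```python
import re

# LDAP result codes (RFC 4511) that matter when triaging bind failures.
LDAP_RESULT = {8: "strongerAuthRequired", 49: "invalidCredentials"}
STAMP_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} \[\d+\] ")
ERR_RE = re.compile(r"fnbamd_ldap_parse_response-Error (\d+)\(")
DSID_RE = re.compile(r"DSID-[0-9A-Fa-f]+")
FAIL_RE = re.compile(r"authenticate '([^']+)' against '([^']+)' failed!")

# Lines copied from the log excerpt above, including a hard-wrapped DSID line.
SAMPLE = r"""2023-08-14 16:06:10 [987] fnbamd_ldap_parse_response-Got one MESSAGE. ID:1, type:bind
2023-08-14 16:06:10 [1009] fnbamd_ldap_parse_response-Error 8(00002028: LdapErr: DS
ID-0C090276, comment: The server requires binds to turn on integrity checking if SSL\TLS are not already active on the connection, data 0, v2580) ---> Error sent by LDAP Server
2023-08-14 16:06:10 [1023] fnbamd_ldap_parse_response-ret=8
authenticate 'it-administrator' against 'Forti-LDAP' failed!"""


def _blank():
    return {"code": None, "result": None, "dsid": None, "signing_required": False}


def unwrap(lines):
    """Rejoin hard-wrapped continuation lines onto the record they belong to."""
    records = []
    for line in (raw.strip() for raw in lines):
        if not line:
            continue
        if not records or STAMP_RE.match(line) or FAIL_RE.search(line):
            records.append(line)
        else:
            records[-1] += line  # wrap split mid-token: join without a space
    return records


def triage(lines):
    """Return one finding per failed authentication in the debug output."""
    findings, cur = [], _blank()
    for rec in unwrap(lines):
        if m := ERR_RE.search(rec):
            code, dsid = int(m.group(1)), DSID_RE.search(rec)
            cur.update(code=code, result=LDAP_RESULT.get(code, "other"),
                       dsid=dsid.group(0) if dsid else None,
                       # Code 8 with this comment: the server refused a bind
                       # that had neither integrity checking nor SSL/TLS.
                       signing_required=(code == 8 and "integrity checking" in rec))
        elif m := FAIL_RE.search(rec):
            findings.append({**cur, "user": m.group(1), "server": m.group(2)})
            cur = _blank()  # reset for the next authentication session
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE.splitlines()):
        print(finding)
```

A finding with `signing_required` set to true identifies this article's case rather than a credential problem such as result code 49.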

Scope: FortiGate.

On the LDAP server, change the value of the 'LDAPServerIntegrity' parameter so that it is equal to '1':


  1. Locate and then select the following registry subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters
  2. 'Right-click' the LDAPServerIntegrity registry entry, and then select 'Modify'.
  3. Change Value data to 1 (default is 2).
  4. Select 'OK'.


If this parameter must remain active, as the Microsoft documentation advises, Secure Connection must be enabled and LDAPS configured:




Related documents:




How to create LDAPS:

Technical Tip: Configuring LDAP over SSL (LDAPS)