Created on 10-05-2023 11:42 PM
Edited on 09-11-2024 03:32 AM
By Jean-Philippe_P
Description |
This article describes how to fix the LDAP connection status 'Strong(er) authentication required'.
Under Users & Authentication -> LDAP Servers, double-click the LDAP server name; the connection status is shown below:
Based on the logs:
|
Scope | FortiGate. |
Solution |
The value of the parameter 'ldapserverintegrity' on the LDAP server must be changed so that it is equal to '1'.
Note that this is a change on the domain controller and is unrelated to FortiGate. This change fixes the error message sent by the domain controller.
Because the domain controller, acting as the server, sends this message to the FortiGate, acting as the requesting client, the reason for the response must be investigated on the server, not on the FortiGate.
Contact the server team handling the domain controller or LDAP server with the recommendation above. There may be a reason the registry setting has its current value. If so, the team must find another solution.
If this parameter is required to stay active, as the Microsoft documentation advises, Secure Connection must be enabled and LDAPS configured:
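A CLI equivalent of that setting, as an added example that is not part of the original article. The entry name, server FQDN, base DN, bind account and CA certificate name are placeholders, and the example assumes the domain controller already has a server certificate whose issuing CA has been imported on the FortiGate:

```fortios
# Before: plain LDAP on TCP 389. A simple bind over this unprotected channel
# is what a domain controller that requires LDAP signing rejects.
config user ldap
    edit "AD-LDAP"                                    # placeholder entry name
        set server "dc01.example.com"                 # placeholder DC FQDN
        set cnid "sAMAccountName"
        set dn "dc=example,dc=com"                    # placeholder base DN
        set type regular
        set username "svc-fortigate@example.com"      # placeholder bind account
        set password <bind-account-password>
        set secure disable
        set port 389
    next
end

# After: the same entry switched to LDAPS. The bind now travels inside TLS,
# so the domain controller can keep its signing requirement in place.
config user ldap
    edit "AD-LDAP"
        set secure ldaps
        set port 636
        # CA that issued the domain controller's certificate (placeholder name).
        set ca-cert "AD-Root-CA"
        # Match the configured server name against the certificate; this needs
        # 'server' to be the FQDN present in the certificate, not an IP address.
        set server-identity-check enable
    next
end
```

After the change, re-open the LDAP server entry and confirm that the connection status no longer reports 'Strong(er) authentication required'.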
Related documents:
2020, 2023, and 2024 LDAP channel binding and LDAP signing requirements for Windows (KB4520412)
|