Description | This article describes the changes in LDAPS authentication behavior introduced in v7.4.4 and v7.4.5. |
Scope | FortiGate v7.4.4 and above. |
Solution |
After upgrading to v7.4.4 and above, attempts to authenticate using LDAPS are unsuccessful. This issue can be confirmed by running a packet sniffer for the LDAPS server's IP address and executing the debug commands mentioned below:
diagnose debug application fnbamd -1
To start the sniffer, navigate to Network -> Diagnostics and select 'New Packet Capture'.
From the debug command logs, FortiGate fails to validate the server certificate:
FortiOS 7.4.4 enhances the security standards for LDAPS by requiring that the server certificate be trusted by FortiOS during the TLS handshake. To comply with this requirement, the CA certificate of the LDAP server must be imported into the FortiGate. Import the CA certificate by following the steps outlined below:
|
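To confirm from an admin workstation that the CA certificate you plan to import really validates the LDAPS server's certificate (the condition FortiOS 7.4.4 now enforces during the TLS handshake), a check along these lines can be run before and after the upgrade. This is an added example, not Fortinet code and not FortiOS's own validation logic; the function name, status labels and command-line arguments are assumptions made for illustration.

```python
import socket
import ssl
import sys


def check_ldaps_trust(host, port=636, cafile=None, verify_name=True, timeout=5.0):
    """Try a TLS handshake with an LDAPS server, trusting only the CAs in `cafile`.

    Returned 'status' values (labels chosen for this example):
      'trusted'     - chain (and name, if verify_name) validated
      'untrusted'   - certificate validation failed
      'tls_error'   - handshake failed for a non-certificate reason
      'unreachable' - TCP connect failed or the peer timed out
    """
    # With cafile set, only that file is trusted; with None, the OS store is used.
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile=cafile)
    ctx.check_hostname = verify_name
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                cert = tls.getpeercert()
                return {"status": "trusted", "detail": tls.version(),
                        "subject": cert.get("subject"),
                        "issuer": cert.get("issuer")}
    except ssl.SSLCertVerificationError as exc:
        # Typical causes: issuing CA missing from cafile, expired certificate,
        # or a name mismatch when verify_name is True.
        return {"status": "untrusted", "detail": exc.verify_message}
    except ssl.SSLError as exc:
        return {"status": "tls_error", "detail": str(exc)}
    except OSError as exc:
        return {"status": "unreachable", "detail": str(exc)}


if __name__ == "__main__":
    if len(sys.argv) != 3:
        sys.exit("usage: check_ldaps_trust.py <ldaps-host> <ca-cert.pem>")
    result = check_ldaps_trust(sys.argv[1], cafile=sys.argv[2])
    print(result["status"], "-", result["detail"])
    sys.exit(0 if result["status"] == "trusted" else 1)
```

An `untrusted` result against the CA file means the same certificate would not be accepted by a client that trusts only that CA, so the file is not the issuer of the server certificate or the certificate itself is invalid.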
Copyright 2024 Fortinet, Inc. All Rights Reserved.