Description | This article describes the situation where user group information cannot be fetched on the Fortinet Single Sign-On Collector Agent service. |
Scope |
Fortinet Single Sign-On Collector Agent |
Solution |
When a service account or administrator password expires, or is reset or renewed, in Active Directory, the FSSO collector agent fails to get group information.
The collector agent debug log shows the message below, where the LDAP bind fails:
02/11/2022 11:47:58 [ 5152] ldaplib::ldap_bind_s failed, server:fermion-kvm52.rishi.com error code:0x31.
Validate and correct the username and password on the collector agent under 'Set Directory Access Information' -- Advanced setting -- correct the username and password details.
Note: If the Advanced setting shows blank for the LDAP configuration, Fortinet Single Sign-On is using the service account credentials. This can be validated under 'services.msc': Open Services -- Fortinet Single Sign-On Agent service -- Properties -- Log On, and correct the credentials there. |
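
An added example (not Fortinet code): a Python sketch that scans collector agent debug output for the `ldap_bind_s` failure shown above and names the error code, where 0x31 is LDAP result code 49, invalidCredentials. The sample log is constructed around the article's one line; the server `dc02.example.test`, the extra lines and all function names are assumptions.

```python
import re

# LDAP result codes this sketch names; 0x31 is the code in the article's log line.
LDAP_CODES = {
    0x08: "strongerAuthRequired",
    0x31: "invalidCredentials",
    0x51: "LDAP_SERVER_DOWN",
}

BIND_FAIL = re.compile(
    r"^(?P<ts>\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}) \[\s*(?P<tid>\d+)\] "
    r"ldaplib::ldap_bind_s failed, server:(?P<server>\S+) "
    r"error code:0x(?P<code>[0-9a-fA-F]+)\.?\s*$"
)

# Constructed sample: line 1 is the article's message, the rest are made up.
SAMPLE_LOG = """\
02/11/2022 11:47:58 [ 5152] ldaplib::ldap_bind_s failed, server:fermion-kvm52.rishi.com error code:0x31.
02/11/2022 11:47:59 [ 5152] unrelated debug line (constructed)
02/11/2022 11:52:58 [ 5152] ldaplib::ldap_bind_s failed, server:fermion-kvm52.rishi.com error code:0x31.
02/11/2022 11:53:10 [ 6020] ldaplib::ldap_bind_s failed, server:dc02.example.test error code:0x51.
"""

def parse_bind_failures(text):
    """Return a dict per ldap_bind_s failure line; all other lines are skipped."""
    out = []
    for line in text.splitlines():
        m = BIND_FAIL.match(line.strip())
        if m:
            code = int(m["code"], 16)
            out.append({"ts": m["ts"], "server": m["server"], "code": code,
                        "name": LDAP_CODES.get(code, "unknown")})
    return out

def summarize(failures):
    """Group by (server, code): failure count plus first and last timestamp as logged."""
    summary = {}
    for f in failures:
        entry = summary.setdefault((f["server"], f["code"]),
                                   {"name": f["name"], "count": 0, "first": f["ts"]})
        entry["count"] += 1
        entry["last"] = f["ts"]
    return summary

def credential_failures(summary):
    """Servers rejecting the bind with 0x31, i.e. where the stored password needs checking."""
    return sorted(server for (server, code) in summary if code == 0x31)

if __name__ == "__main__":
    for (server, code), e in summarize(parse_bind_failures(SAMPLE_LOG)).items():
        print(f"{server} 0x{code:02x} {e['name']} x{e['count']} {e['first']} .. {e['last']}")
```

Repeated 0x31 failures against one server that begin at a single point in time are consistent with the password change described above; timestamps are kept as logged because the day/month order of the log format is not stated.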