Description | This article describes the situation where user group information cannot be fetched on the Fortinet Single Sign-On Collector Agent service. |
Scope | Fortinet Single Sign-On Collector Agent |
Solution |
When a service account or administrator password expires or is reset or renewed in Active Directory, the FSSO Collector Agent fails to get group information.
The Collector Agent debug log shows messages like the one below, where the LDAP bind fails:
02/11/2022 11:47:58 [ 5152] ldaplib::ldap_bind_s failed, server:fermion-kvm52.rishi.com error code:0x31.
Validate and correct the username and password on the Collector Agent under 'Set Directory Access Information' -- Advanced setting.
Note: If the Advanced setting shows blank for the LDAP configuration, it means Fortinet Single Sign-On uses the service account credentials. This can be validated in 'service.msc': open Services -- Fortinet Single Sign-on Agent service -- Properties -- Logon, and correct the credentials. |
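The following is an added example, not Fortinet code: a parser for the bind-failure debug line shown above that maps the hex error code to its standard LDAP result name (0x31 is LDAP_INVALID_CREDENTIALS), so a stale password can be told apart from a connectivity problem. It covers more codes than the one in this article; the function names are illustrative, and every sample line except the first is constructed.

```python
import re
from collections import Counter

# Subset of standard LDAP result codes (winldap.h / RFC 4511) seen on bind failures.
LDAP_CODES = {
    0x08: "LDAP_STRONG_AUTH_REQUIRED",
    0x31: "LDAP_INVALID_CREDENTIALS",   # wrong, expired or reset password
    0x32: "LDAP_INSUFFICIENT_RIGHTS",
    0x35: "LDAP_UNWILLING_TO_PERFORM",
    0x51: "LDAP_SERVER_DOWN",           # connectivity, not credentials
    0x55: "LDAP_TIMEOUT",
}

# Matches the collector agent debug line format quoted in the article.
BIND_FAIL = re.compile(
    r"^(?P<ts>\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2})\s+\[\s*(?P<tid>\d+)\]\s+"
    r"ldaplib::ldap_bind_s failed, server:(?P<server>\S+)\s+"
    r"error code:0x(?P<code>[0-9a-fA-F]+)"
)

def parse_bind_failures(lines):
    """Return one dict per ldap_bind_s failure line; other lines are skipped."""
    events = []
    for line in lines:
        m = BIND_FAIL.match(line.strip())
        if not m:
            continue
        code = int(m.group("code"), 16)
        events.append({
            "timestamp": m.group("ts"),   # kept as text; day/month order is locale-dependent
            "server": m.group("server"),
            "code": code,
            "name": LDAP_CODES.get(code, "UNKNOWN"),
        })
    return events

def credential_failures_by_server(events):
    """Count invalid-credential binds per server: the case this article fixes."""
    return Counter(e["server"] for e in events if e["code"] == 0x31)

# First line is from the article; the rest are constructed sample data.
SAMPLE_LOG = [
    "02/11/2022 11:47:58 [ 5152] ldaplib::ldap_bind_s failed, server:fermion-kvm52.rishi.com error code:0x31.",
    "02/11/2022 11:48:28 [ 5152] ldaplib::ldap_bind_s failed, server:fermion-kvm52.rishi.com error code:0x31.",
    "02/11/2022 11:49:02 [ 5152] ldaplib::ldap_bind_s failed, server:dc2.example.test error code:0x51.",
    "02/11/2022 11:49:05 [ 5152] constructed unrelated debug line",
]

if __name__ == "__main__":
    for event in parse_bind_failures(SAMPLE_LOG):
        print(event["timestamp"], event["server"], hex(event["code"]), event["name"])
```

Repeated 0x31 results for one server point to the stored credentials described above, while 0x51 or 0x55 point to reachability of the domain controller instead.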