Description

This article describes the situation where the Fortinet Single Sign-On (FSSO) Collector Agent service is unable to fetch user group information.

Fortinet Single Sign-On Collector Agent


When the password of the service account or administrator account expires, or is reset or renewed in Active Directory, the FSSO Collector Agent fails to get group information.


The Collector Agent debug log shows the messages below, where the LDAP bind fails:


02/11/2022 11:47:58 [ 5152] ldaplib::ldap_bind_s failed, error code:0x31.
02/11/2022 11:47:58 [ 5152] ad_user_get_groups_str2_s():<NONE>
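
The following is an added example, not Fortinet code, for triaging a Collector Agent debug log: it finds `ldap_bind_s` failures, names the error code (0x31 is `LDAP_INVALID_CREDENTIALS` in the Windows LDAP client), and checks whether the same thread then returned `<NONE>` for the group lookup. The line layout is inferred from the two lines quoted above; the second pair of sample lines and the function name `find_bind_failures` are constructed for illustration.

```python
import re

# Result codes as defined in the Windows LDAP client header (winldap.h).
LDAP_CODES = {
    0x30: "LDAP_INAPPROPRIATE_AUTH",
    0x31: "LDAP_INVALID_CREDENTIALS",
    0x32: "LDAP_INSUFFICIENT_RIGHTS",
    0x51: "LDAP_SERVER_DOWN",
    0x55: "LDAP_TIMEOUT",
}

# Assumed layout, inferred from the article: <date> <time> [ <thread>] <message>
LINE_RE = re.compile(r"^(\S+ \S+) \[\s*(\d+)\] (.*)$")
BIND_RE = re.compile(r"ldap_bind_s failed, error code:0x([0-9a-fA-F]+)")
GROUPS_RE = re.compile(r"ad_user_get_groups_str2_s\(\):(.*)$")

# Constructed sample: the article's two lines plus two invented ones (thread 6020).
SAMPLE_LOG = """\
02/11/2022 11:47:58 [ 5152] ldaplib::ldap_bind_s failed, error code:0x31.
02/11/2022 11:47:58 [ 5152] ad_user_get_groups_str2_s():<NONE>
02/11/2022 11:48:03 [ 6020] ldaplib::ldap_bind_s failed, error code:0x51.
02/11/2022 11:48:03 [ 6020] ad_user_get_groups_str2_s():<NONE>
"""

def find_bind_failures(log_text):
    """Return one finding per failed bind, recording whether the same
    thread then logged an empty (<NONE>) group lookup."""
    findings, pending = [], {}
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # skip lines that do not follow the assumed layout
        stamp, thread, msg = m.groups()
        bind = BIND_RE.search(msg)
        if bind:
            code = int(bind.group(1), 16)
            finding = {"time": stamp, "thread": thread, "code": code,
                       "name": LDAP_CODES.get(code, "UNKNOWN"),
                       "groups_empty": False}
            findings.append(finding)
            pending[thread] = finding  # wait for this thread's group result
            continue
        groups = GROUPS_RE.search(msg)
        if groups and thread in pending:
            pending.pop(thread)["groups_empty"] = groups.group(1).strip() == "<NONE>"
    return findings

if __name__ == "__main__":
    for f in find_bind_failures(SAMPLE_LOG):
        print(f'{f["time"]} thread {f["thread"]}: 0x{f["code"]:02x} '
              f'{f["name"]}, groups empty: {f["groups_empty"]}')
```

Only a 0x31 finding points at the stored username or password; other codes indicate a different cause, such as an unreachable domain controller.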


Validate and correct the username and password on the Collector Agent under 'Set Directory Access Information' > Advanced setting.


Note: If the Advanced setting shows a blank LDAP configuration, Fortinet Single Sign-On is using the service account credentials.

This can be validated in 'services.msc': open Services > Fortinet Single Sign-on Agent service > Properties > Log On, and correct the credentials.