Article Id 205035
Description This article describes a situation where the Fortinet Single Sign-On (FSSO) Collector Agent service is unable to fetch user group information.

Fortinet Single Sign-On Collector Agent


When the password of the service account or administrator account expires, is reset, or is renewed in Active Directory, the FSSO collector agent fails to get group information.


The collector agent debug log shows the messages below, where the LDAP bind fails:


02/11/2022 11:47:58 [ 5152] ldaplib::ldap_bind_s failed, error code:0x31.
02/11/2022 11:47:58 [ 5152] ad_user_get_groups_str2_s():<NONE>


Validate and correct the username and password on the collector agent under 'Set Directory Access Information' -- Advanced setting.


Note: If the Advanced setting shows a blank LDAP configuration, Fortinet Single Sign-On is using the service account credentials.

This can be validated in 'services.msc': open Services -- Fortinet Single Sign-on Agent service -- Properties -- Logon, and correct the credentials.
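
To spot this condition in a longer collector agent debug log, the following added example (not Fortinet code) scans for failed LDAP binds, decodes the error code, and counts the empty group lookups that follow under the same bracketed id. Assumptions: the line layout matches the two debug lines shown above, the bracketed number identifies the worker that logged the line, and the function and variable names are hypothetical.

```python
import re

# LDAP result codes as defined in RFC 4511 and winldap.h.
LDAP_CODES = {
    0x31: "invalidCredentials (bind account name or password rejected)",
    0x32: "insufficientAccessRights",
    0x34: "unavailable",
    0x35: "unwillingToPerform",
    0x51: "LDAP_SERVER_DOWN (client could not reach the directory server)",
}

# Layout taken from the debug excerpt in the article: "<date> <time> [ <id>] <message>"
LINE = re.compile(r"^(\S+ \S+) \[\s*(\d+)\] (.*)$")
BIND_FAIL = re.compile(r"ldap_bind_s failed, error code:0x([0-9a-fA-F]+)")
EMPTY_GROUPS = re.compile(r"ad_user_get_groups_str2_s\(\):<NONE>")

def find_bind_failures(log_text):
    """Return one dict per failed bind, including how many empty group
    lookups were logged afterwards under the same bracketed id."""
    findings = []
    last_by_id = {}  # bracketed id -> most recent bind failure seen for it
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip lines that do not follow the assumed layout
        stamp, ident, msg = m.groups()
        bind = BIND_FAIL.search(msg)
        if bind:
            code = int(bind.group(1), 16)
            item = {"time": stamp, "id": ident, "code": code,
                    "meaning": LDAP_CODES.get(code, "unknown"),
                    "empty_group_lookups": 0}
            findings.append(item)
            last_by_id[ident] = item
        elif EMPTY_GROUPS.search(msg) and ident in last_by_id:
            last_by_id[ident]["empty_group_lookups"] += 1
    return findings

# Constructed sample: the two lines from the article plus one made-up unrelated line.
SAMPLE = """\
02/11/2022 11:47:58 [ 5152] ldaplib::ldap_bind_s failed, error code:0x31.
02/11/2022 11:47:58 [ 5152] ad_user_get_groups_str2_s():<NONE>
02/11/2022 11:48:01 [ 5160] constructed unrelated message
"""

if __name__ == "__main__":
    for f in find_bind_failures(SAMPLE):
        print(f"{f['time']} id={f['id']} 0x{f['code']:02x} {f['meaning']} "
              f"empty_group_lookups={f['empty_group_lookups']}")
```

A result of 0x31 points at the stored bind credentials, which is the case this article covers; other codes indicate a different cause and are not addressed by the steps above.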