Scenario: In some situations, the user connects to an LDAP server successfully but user credentials fail, even though a user is configured correctly. When testing the 'Browse' functionality, the error 'Invalid LDAP server' may be observed in the GUI.
Run the following debug commands:
diagnose debug reset
diagnose debug disable
diagnose debug app fnbamd -1
diagnose debug enable
Test the Browse functionality in the GUI.
Example output showing the error message:
2024-01-17 11:10:41 [1052] __ldap_rxtx-Change state to 'DN search'
2024-01-17 11:10:41 [985] __ldap_rxtx-state 11(DN search)
2024-01-17 11:10:41 [750] fnbamd_ldap_build_dn_search_req-base:'dn=Test,dn=Training,dn=org' filter:sAMAccountName=ldaptest1 --> Search on DN name
2024-01-17 11:10:41 [1083] fnbamd_ldap_send-sending 101 bytes to x.x.x.x [x.x.x.x is your server IP address]
2024-01-17 11:10:41 [1096] fnbamd_ldap_send-Request is sent. ID 2
2024-01-17 11:10:41 [985] __ldap_rxtx-state 12(DN search resp)
2024-01-17 11:10:41 [1127] __fnbamd_ldap_read-Read 8
2024-01-17 11:10:41 [1233] fnbamd_ldap_recv-Leftover 2
2024-01-17 11:10:41 [1127] __fnbamd_ldap_read-Read 81
2024-01-17 11:10:41 [1306] fnbamd_ldap_recv-Response len: 83, svr: x.x.x.x
2024-01-17 11:10:41 [987] fnbamd_ldap_parse_response-Got one MESSAGE. ID:2, type:search-result
2024-01-17 11:10:41 [1009] fnbamd_ldap_parse_response-Error 1(000020D6: SvcErr: DSID-03100837, problem 5012 (DIR_ERROR), data 0 ---> Error Message )
When this message is observed, the search request itself reached the server but the directory rejected the DN search. On the LDAP server, open the object's Properties -> Attribute Editor tab, locate the 'distinguished name' (distinguishedName) attribute, and ensure that the Distinguished Name configured on the FortiGate matches that value exactly.
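As an added example (not part of the original article, and not Fortinet code), the following Python script pulls the relevant facts out of fnbamd debug output of the kind shown above: the base DN and filter the FortiGate actually sent, the LDAP result code returned by the server, and the attribute types used in each RDN of the base DN. The log text embedded in the script is constructed from the article's lines, with 192.0.2.10 standing in for the server address; the set of "common naming attribute types" and the result-code names are assumptions drawn from RFC 4511/4519 and typical Active Directory naming, used only as a heuristic to draw attention to unusual RDN types when comparing against the distinguishedName attribute on the server.

```python
import re

# Constructed sample of fnbamd debug output, modelled on the article's lines.
# The server IP is a documentation address; the base DN is the one from the article.
SAMPLE_LOG = """\
2024-01-17 11:10:41 [1052] __ldap_rxtx-Change state to 'DN search'
2024-01-17 11:10:41 [750] fnbamd_ldap_build_dn_search_req-base:'dn=Test,dn=Training,dn=org' filter:sAMAccountName=ldaptest1
2024-01-17 11:10:41 [1083] fnbamd_ldap_send-sending 101 bytes to 192.0.2.10
2024-01-17 11:10:41 [987] fnbamd_ldap_parse_response-Got one MESSAGE. ID:2, type:search-result
2024-01-17 11:10:41 [1009] fnbamd_ldap_parse_response-Error 1(000020D6: SvcErr: DSID-03100837, problem 5012 (DIR_ERROR), data 0
"""

# The base DN and filter that fnbamd built for the DN search.
BASE_RE = re.compile(
    r"fnbamd_ldap_build_dn_search_req-base:'(?P<base>[^']*)' filter:(?P<filter>\S+)"
)
# The LDAP result code and the server's diagnostic text from the search response.
ERR_RE = re.compile(r"fnbamd_ldap_parse_response-Error (?P<code>\d+)\((?P<detail>.*)")

# Standard LDAP result codes (RFC 4511); a small subset that shows up most often.
RESULT_CODES = {
    0: "success",
    1: "operationsError",
    32: "noSuchObject",
    34: "invalidDNSyntax",
    49: "invalidCredentials",
    53: "unwillingToPerform",
}

# Attribute types commonly seen as RDNs in a base DN (assumption: heuristic only).
COMMON_NAMING_ATTRS = {"dc", "ou", "cn", "o", "c", "l", "st", "uid"}


def parse_rdn_types(dn):
    """Return the lower-cased attribute type of each RDN, or None if any RDN lacks '='."""
    # Split on commas that are not escaped with a backslash (RFC 4514 escaping).
    parts = re.split(r"(?<!\\),", dn)
    types = []
    for part in parts:
        if "=" not in part:
            return None
        types.append(part.split("=", 1)[0].strip().lower())
    return types


def analyze(log_text):
    """Extract the DN search parameters and the server's error from fnbamd debug lines."""
    result = {
        "base_dn": None,
        "filter": None,
        "error_code": None,
        "error_name": None,
        "error_detail": None,
        "unusual_rdn_types": [],
    }
    for line in log_text.splitlines():
        m = BASE_RE.search(line)
        if m:
            result["base_dn"] = m.group("base")
            result["filter"] = m.group("filter")
        m = ERR_RE.search(line)
        if m:
            code = int(m.group("code"))
            result["error_code"] = code
            result["error_name"] = RESULT_CODES.get(code, "unknown")
            result["error_detail"] = m.group("detail").rstrip(") ")
    if result["base_dn"] is not None:
        types = parse_rdn_types(result["base_dn"])
        if types is None:
            result["unusual_rdn_types"] = ["<malformed RDN>"]
        else:
            result["unusual_rdn_types"] = sorted(
                {t for t in types if t not in COMMON_NAMING_ATTRS}
            )
    return result


if __name__ == "__main__":
    for key, value in analyze(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Run it against a pasted copy of your own debug output (replace SAMPLE_LOG or read from a file) and compare the reported base_dn, character for character, with the distinguishedName attribute shown in Attribute Editor; any entry in unusual_rdn_types is a prompt to look at that RDN first.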
To check the settings from the CLI:
To check the setting from GUI: