FortiGate
Quint021
Staff
Article Id: 294692
Description: This article describes how to resolve an LDAP Error 1 message.
Scope: FortiGate.
Solution:

Scenario:
In some situations, the connection to the LDAP server is successful but user credentials fail, even though the user is configured correctly. When testing the 'Browse' functionality, the error 'Invalid LDAP server' may be observed in the GUI.

Run the following debug commands:

diagnose debug reset
diagnose debug disable
diagnose debug app fnbamd -1
diagnose debug enable

Test the Browse functionality in the GUI.

Example output showing the error message:


2024-01-17 11:10:41 [1052] __ldap_rxtx-Change state to 'DN search'
2024-01-17 11:10:41 [985] __ldap_rxtx-state 11(DN search)
2024-01-17 11:10:41 [750] fnbamd_ldap_build_dn_search_req-base:'dn=Test,dn=Training,dn=org' filter:sAMAccountName=ldaptest1 --> Search on DN name
2024-01-17 11:10:41 [1083] fnbamd_ldap_send-sending 101 bytes to x.x.x.x [x.x.x.x is your server IP address]
2024-01-17 11:10:41 [1096] fnbamd_ldap_send-Request is sent. ID 2
2024-01-17 11:10:41 [985] __ldap_rxtx-state 12(DN search resp)
2024-01-17 11:10:41 [1127] __fnbamd_ldap_read-Read 8
2024-01-17 11:10:41 [1233] fnbamd_ldap_recv-Leftover 2
2024-01-17 11:10:41 [1127] __fnbamd_ldap_read-Read 81
2024-01-17 11:10:41 [1306] fnbamd_ldap_recv-Response len: 83, svr: x.x.x.x
2024-01-17 11:10:41 [987] fnbamd_ldap_parse_response-Got one MESSAGE. ID:2, type:search-result
2024-01-17 11:10:41 [1009] fnbamd_ldap_parse_response-Error 1(000020D6: SvcErr: DSID-03100837, problem 5012 (DIR_ERROR), data 0 ---> Error Message
)

When this message is observed, go to the LDAP server, right-click and open Properties -> Attribute Editor, find the value for 'distinguished name', and ensure that the distinguished name configured on the FortiGate matches it.
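
The comparison described above can be scripted. The following Python is an added example, not part of the original article or of any Fortinet tooling: it extracts the search base and the server error from fnbamd debug output and compares the base, component by component, with the distinguished name copied from the Attribute Editor. The function names are hypothetical and the directory DN is a constructed sample value.

```python
import re

# Constructed sample: two lines in the format of the debug output above.
SAMPLE_LOG = """\
2024-01-17 11:10:41 [750] fnbamd_ldap_build_dn_search_req-base:'dn=Test,dn=Training,dn=org' filter:sAMAccountName=ldaptest1
2024-01-17 11:10:41 [1009] fnbamd_ldap_parse_response-Error 1(000020D6: SvcErr: DSID-03100837, problem 5012 (DIR_ERROR), data 0
"""

SEARCH_RE = re.compile(r"fnbamd_ldap_build_dn_search_req-base:'([^']*)' filter:(\S+)")
ERROR_RE = re.compile(r"fnbamd_ldap_parse_response-Error (\d+)\((.*)")


def parse_fnbamd(log):
    """Pair each DN search request with the error (if any) that follows it."""
    results, current = [], None
    for line in log.splitlines():
        m = SEARCH_RE.search(line)
        if m:
            current = {"base": m.group(1), "filter": m.group(2), "error": None}
            results.append(current)
            continue
        m = ERROR_RE.search(line)
        if m and current is not None:
            current["error"] = (int(m.group(1)), m.group(2).strip())
    return results


def normalize_dn(dn):
    """Split on unescaped commas; lower-case and trim each type=value pair."""
    rdns = []
    for rdn in re.split(r"(?<!\\),", dn):
        attr, _, value = rdn.partition("=")
        rdns.append((attr.strip().lower(), value.strip().lower()))
    return rdns


def dn_mismatches(configured, directory):
    """Return (position, configured_rdn, directory_rdn) for each differing RDN."""
    a, b = normalize_dn(configured), normalize_dn(directory)
    length = max(len(a), len(b))
    a += [None] * (length - len(a))
    b += [None] * (length - len(b))
    return [(i, x, y) for i, (x, y) in enumerate(zip(a, b)) if x != y]


if __name__ == "__main__":
    # Assumed value copied from the server's Attribute Editor (constructed here).
    directory_dn = "DC=Test,DC=Training,DC=org"
    for req in parse_fnbamd(SAMPLE_LOG):
        print(req["filter"], req["error"], dn_mismatches(req["base"], directory_dn))
```

An empty mismatch list means the configured base and the directory value agree after case and whitespace normalization; any entry shows which component of the DN to correct on the FortiGate.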

To check the settings from the CLI:

[Image: CLI_LDAP.PNG]

To check the settings from the GUI:

[Image: GUI_LDAP.PNG]
