Umer221
Staff
Article Id 281406
Description: This article describes the steps to resolve LDAP authentication failures that occur when users log in with a username that includes the domain name, such as 'username@domain.local'.
Scope: FortiOS, FortiGate, LDAP.
Solution

Check the current LDAP server configuration from the FortiGate CLI with the following commands:

config user ldap
    edit <LDAP Server Name>
        show


Run the following debug commands to check for the error 'No DN is found':

diagnose debug enable
diagnose debug application fnbamd 255


If the user search returns no DN, the fnbamd debug output looks like this (the marked line is the issue):

[1100] fnbamd_ldap_recv-Response length: 16, server: 192.168.1.11
[988] fnbamd_ldap_parse_response-Received one MESSAGE. ID: 2, type: search-result
[1008] fnbamd_ldap_parse_response-Return code: 0
[1335] __fnbamd_ldap_dn_next-No DN is found.             -> Issue.
[1055] __ldap_rxtx-Changed state to 'Done'


Set the CNID (common name identifier) attribute to 'UserPrincipalName' so that the user search matches usernames that include the domain name. Run the following commands on the CLI:

config user ldap
    edit <LDAP Server Name>
        set cnid "UserPrincipalName"
    next
end


Note: Only 'UserPrincipalName' works for the 'username@domain.local' login form; 'sAMAccountName' and 'cn' are suitable for the 'username' and 'domain\username' forms.
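The following is an added example, not part of the Fortinet article, that models offline why the CNID choice decides whether a DN is found: it builds the equality filter the user search is assumed to issue, '(<cnid>=<login>)', and evaluates it against constructed Active Directory style entries for each login form. The directory entries, the filter shape and the stripping of a 'domain\' prefix are assumptions made for the illustration.

```python
from typing import Optional

# Constructed AD-style sample entries (not from the article). 'cn' is set
# equal to the logon name here so that the article's 'cn' case also resolves.
SAMPLE_DIRECTORY = {
    "CN=alice,OU=Users,DC=domain,DC=local": {
        "cn": "alice",
        "sAMAccountName": "alice",
        "userPrincipalName": "alice@domain.local",
    },
    "CN=bob,OU=Users,DC=domain,DC=local": {
        "cn": "bob",
        "sAMAccountName": "bob",
        "userPrincipalName": "bob@domain.local",
    },
}

def normalize_login(login: str) -> str:
    """Drop a 'DOMAIN\\' prefix (assumption: done before the search for the
    'domain\\username' form); the UPN form is passed through unchanged."""
    return login.split("\\", 1)[1] if "\\" in login else login

def build_filter(cnid: str, login: str) -> str:
    """Equality filter the user search is assumed to issue for this CNID."""
    return f"({cnid}={normalize_login(login)})"

def find_dn(cnid: str, login: str, directory=None) -> Optional[str]:
    """Return the DN whose CNID attribute equals the login, or None
    (the 'No DN is found' outcome). LDAP attribute names and AD values
    compare case-insensitively, so 'UserPrincipalName' works as typed."""
    directory = SAMPLE_DIRECTORY if directory is None else directory
    wanted = normalize_login(login).lower()
    for dn, attrs in directory.items():
        attrs_ci = {k.lower(): v for k, v in attrs.items()}
        value = attrs_ci.get(cnid.lower())
        if value is not None and value.lower() == wanted:
            return dn
    return None

def check_cnid_choices(login: str) -> dict:
    """Map each candidate CNID to the DN it resolves for one login form."""
    return {c: find_dn(c, login) for c in ("cn", "sAMAccountName", "UserPrincipalName")}

if __name__ == "__main__":
    # Only 'UserPrincipalName' resolves the 'alice@domain.local' form.
    for login in ("alice", "domain\\alice", "alice@domain.local"):
        print(login, "->", check_cnid_choices(login))
```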