Description | This article describes how to handle a scenario where FortiManager is unable to retrieve user and user group information from a remote authentication server, such as an LDAP server. |
Scope | FortiManager. |
Solution |
When configuring FortiManager to retrieve user and user group information from a remote authentication server (e.g., LDAP), the following error may appear: 'Can't contact LDAP server'.
This issue typically occurs when network communication between FortiManager and the remote server is blocked or not properly established. FortiManager needs direct access to the remote authentication server to retrieve user and group information.
To troubleshoot this issue, check whether FortiManager can reach the remote server by using basic tools like ping or traceroute (if available).
To inspect the packet flow and verify whether packets are being sent and received, use the following command:
diagnose sniffer packet any 'host <IP_of_remote_server>' 4 0 l
Replace <IP_of_remote_server> with the actual IP address of the remote server. The capture shows whether the LDAP requests are leaving FortiManager and whether any responses are received. |
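One way to read the resulting capture, as an added example (not Fortinet's code): the script below classifies saved sniffer text by the state of the TCP handshake toward the LDAP server. It assumes each packet line contains `<src_ip>.<sport> -> <dst_ip>.<dport>: <flags>` with flag words such as syn, ack and rst, the default LDAP/LDAPS ports 389 and 636, and constructed sample addresses.

```python
import re

# Assumed line shape: "... <src_ip>.<sport> -> <dst_ip>.<dport>: <flag words and numbers>"
PKT = re.compile(r"\b(\d+\.\d+\.\d+\.\d+)\.(\d+) -> (\d+\.\d+\.\d+\.\d+)\.(\d+): (.*)")

VERDICTS = {
    "no-request": "No SYN toward the server was captured: check the server address/port configured on FortiManager.",
    "no-response": "SYNs leave but nothing returns: check routing and firewall policy on the path.",
    "refused": "Server answers with RST: host is reachable but the LDAP port is closed or filtered.",
    "reachable": "SYN/ACK received: the TCP path works, so look at the LDAP layer (bind, TLS).",
}

def classify(capture, server_ip, ports=(389, 636)):
    """Return one VERDICTS key for the sniffer text in `capture`."""
    sent_syn = got_synack = got_rst = False
    for line in capture.splitlines():
        m = PKT.search(line)
        if not m:
            continue  # banner, blank line, or non-IPv4 packet
        src, sport, dst, dport, rest = m.groups()
        flags = set(rest.split())
        if dst == server_ip and int(dport) in ports:
            # Initial request from FortiManager: SYN without ACK
            if "syn" in flags and "ack" not in flags:
                sent_syn = True
        elif src == server_ip and int(sport) in ports:
            if "rst" in flags:
                got_rst = True
            elif {"syn", "ack"} <= flags:
                got_synack = True
    if not sent_syn:
        return "no-request"
    if got_synack:
        return "reachable"
    return "refused" if got_rst else "no-response"

# Constructed sample: three SYN retransmissions and no reply from the server.
SAMPLE = """\
2025-01-01 10:15:01.100000 port1 out 192.0.2.10.40112 -> 198.51.100.20.389: syn 1000
2025-01-01 10:15:02.100000 port1 out 192.0.2.10.40112 -> 198.51.100.20.389: syn 1000
2025-01-01 10:15:04.100000 port1 out 192.0.2.10.40112 -> 198.51.100.20.389: syn 1000
"""

if __name__ == "__main__":
    verdict = classify(SAMPLE, "198.51.100.20")
    print(verdict, "-", VERDICTS[verdict])
```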
Copyright 2025 Fortinet, Inc. All Rights Reserved.