farhanahmed
Staff
Article Id 396118
Description This article describes how to change (decrease or increase) the LDAP query cache timeout on FortiAnalyzer and FortiManager.
Scope FortiAnalyzer, FortiManager.
Solution

LDAP remote authentication on FortiAnalyzer or FortiManager can be used for administrator login or for report LDAP queries. Changes made on the LDAP server are sometimes not reflected immediately on FortiAnalyzer/FortiManager, which can be caused by the ldap-cache-timeout setting.

The default value of ldap-cache-timeout is 86400 seconds (24 hours). It can be decreased or increased as required:

config system global
    set ldap-cache-timeout <integer> <----- Time in seconds. Can be anywhere from 1 to 31,536,000 (1 year).
    set ldapconntimeout <integer> <----- Time in milliseconds. The default is 60,000.
end

Related documents:

LDAP Servers - FortiAnalyzer 7.6.3 administration guide

Technical Tip: Newly created Active Directory groups are not immediately visible