FortiNAC-F
FortiNAC-F is a zero-trust network access solution that provides users with enhanced visibility into the Internet of Things (IoT) devices on their enterprise networks. For legacy FortiNAC articles prior to FortiNAC-F 7.2, see FortiNAC.
khoffman
Staff
Article Id 301720
Description This article describes troubleshooting steps to take when admin users who authenticate using LDAP are not able to access the FortiNAC GUI. 

Scope FortiNAC-F v7.2, v7.4 and v7.6.
Solution

GUI method: 

  1. Log in to the FortiNAC GUI using a local administrator account.
  2. Navigate to Network -> Settings -> Authentication -> LDAP. Alt: System -> Settings -> Authentication -> LDAP.
  3. Select the applicable LDAP server and select Modify.
  4. Select Validate Credentials.

CLI method: 

  1. Log in to FortiNAC-F as 'admin'.
  2. Enter the shell with the following command:

execute enter-shell

  3. Validate connection to LDAP server from the CLI, type:

directorytest -conn

  4. Print existing LDAP settings, type:

directorytest -dump

If the credentials fail to validate, work with the server team to determine whether the password for the LDAP login account has been changed or the account has been locked. This account is used by FortiNAC to authenticate and look up users.

Related Debug commands: 


nacdebug -name DirectoryManager true

nacdebug -name DirectoryAuthentication true

 

Note: In firmware release 7.6.2, there is a known issue with LDAP Admin user authentication when 'Additional Configuration' is set up under LDAP settings.

 

This issue will be fixed in a later release. 

Workaround: Clear the values for 'Domain Name' and 'Secondary Server'.

 
