Help
FortiNAC
NOTE: FortiNAC is now named FortiNAC-F. For post-9.4 articles, see FortiNAC-F. FortiNAC is a zero-trust network access solution that provides users with enhanced visibility into the Internet of Things (IoT) devices on their enterprise networks.
cmaheu
Staff
Staff

Created on ‎04-13-2022 01:15 PM Edited on ‎07-01-2022 08:33 AM By Community Manager

Article Id 209296

Technical Tip: Removal/Addition of LDAP model can cause user synchronization issues.

Description

This article describes a behavior where user attribute information is no longer accurate after adding and removing LDAP directory models. Some user records can still be associated to the old directory.

This prevents information from updating properly when a directory synchronization is run.

 

Symptoms include hosts not matching policies based on LDAP group membership.

 

For instructions to replace a directory, refer to the following link:
https://docs.fortinet.com/document/fortinac/9.4.0/administration-guide/956653/delete-a-directory 
Scope Version: 8.8 and greater.
Solution

1) Perform database backup.


2) Modify the new LDAP directory model and change the name to the old directory name.


3) Select OK (This re-writes the name attribute to all of the user records and can take a few minutes).


4) Change the LDAP directory name back to the new name and select OK.
Labels:
556
0 Kudos
Suggest New Article
Article Feedback
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.