Active Directory Integration

jcubio · ‎04-14-2020

Hi All,

I'm having an issue with the LDAP integration.

First here's my setup overview:

[ol]

Windows Server 2016 with Active Directory role.

LDAP Server installed in the same AD[ul]

Because default LDAP port cannot be used when AD is also installed, I used port 50724[/ul]

Now my issue is the configuration of LDAP in the Firewall[ul]

I am following this youtube guide to setup the LDAP, but I changed the port to 50724. But when testing the connection, I always get ldap_80 error

When I changed the port to the default (389). The connection is successful but when creating Groups or LDAP user, the query returns empty.[/ul][/ol]

Note: Everything is running in EVE-NG and Firewall image is a KVM.

Alivo__FTNT · ‎04-17-2020

Hello jcubio,

You can run packet sniffer or use packet capture on interface facing ldap, to see what goes wrong with communication. The output can be opened in wireshark. LDAP protocol is easy to read and is well documented. It would be better to see your ldap configuration as well. Or you can run in SSH:

diag debug reset

diag debug console timestamp enable

diag debug application fn -1

diag debug enable

diag test authserver ldap <ldap_server_name_as_in_fortigate> <UserName> <password>

once the output finishes/issue is reproduced, disable debug by:

diag debug disable

diag debug reset

We should see what the ldap returns in the output.

Best Regards,

Alivo

livo

Active Directory Integration

Nominate a Forum Post for Knowledge Article Creation

You are leaving our website