jcubio
New Contributor

Active Directory Integration

Hi All,


I'm having an issue with the LDAP integration.


First here's my setup overview:

  • Windows Server 2016 with Active Directory role.
  • LDAP Server installed in the same AD
      • Because the default LDAP port cannot be used when AD is also installed, I used port 50724.
  • Now my issue is the configuration of LDAP in the Firewall
      • I am following this YouTube guide to set up the LDAP, but I changed the port to 50724. When testing the connection, I always get the ldap_80 error.
      • When I changed the port to the default (389), the connection is successful, but when creating Groups or an LDAP user, the query returns empty.

    Note: Everything is running in EVE-NG and Firewall image is a KVM.

    Alivo__FTNT
    Staff

    Hello jcubio,

    You can run the packet sniffer or use packet capture on the interface facing LDAP to see what goes wrong with the communication. The output can be opened in Wireshark. The LDAP protocol is easy to read and is well documented. It would be better to see your LDAP configuration as well. Or you can run in SSH:

    diag debug reset
    diag debug console timestamp enable
    diag debug application fn -1
    diag debug enable
    diag test authserver ldap <ldap_server_name_as_in_fortigate> <UserName> <password>

    Once the output finishes or the issue is reproduced, disable debug with:

    diag debug disable
    diag debug reset

    We should see what the LDAP server returns in the output.

    Best Regards,

    Alivo

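The reply suggests reading the LDAP exchange directly from a capture. A complementary check, run from any host in the lab that can reach the domain controller, is to perform one LDAPv3 simple bind by hand and look at what comes back: a transport error (refused, reset, timeout) points at the port or a policy in the path, while an LDAP resultCode such as invalidCredentials means the server was reached and rejected the DN or password. The script below is an added example, not code from this thread or from Fortinet; it uses only the Python standard library, encodes the BindRequest in BER as described in RFC 4511, and the host, port, bind DN and password are values you supply. The two sample responses embedded in it are constructed for offline testing of the decoder, not captured from a real server.

```python
"""Stand-alone LDAPv3 simple-bind probe (standard library only).

Encodes a BindRequest in BER, sends it to host:port and decodes the
BindResponse, so a transport failure (refused, reset, timeout: wrong port
or a policy in the path) can be told apart from an LDAP resultCode returned
by the directory (bad DN or password). Tag values follow RFC 4511.
"""
import socket

TAG_SEQUENCE = 0x30
TAG_INTEGER = 0x02
TAG_OCTET_STRING = 0x04
TAG_BIND_REQUEST = 0x60   # [APPLICATION 0], constructed
TAG_BIND_RESPONSE = 0x61  # [APPLICATION 1], constructed
TAG_SIMPLE_AUTH = 0x80    # AuthenticationChoice.simple, context tag [0]

RESULT_NAMES = {0: "success", 32: "noSuchObject", 34: "invalidDNSyntax",
                49: "invalidCredentials", 50: "insufficientAccessRights"}

# Constructed sample responses (not captured from a real server), used for
# offline checks of the decoder: message 1 succeeded, message 2 was rejected
# with invalidCredentials and the diagnostic text "bad creds".
SAMPLE_SUCCESS = bytes.fromhex("300c02010161070a010004000400")
SAMPLE_INVALID_CREDENTIALS = bytes.fromhex(
    "301502010261100a013104000409626164206372656473")


def ber_length(n):
    """Definite-form BER length: short form below 128, long form above."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def ber_tlv(tag, content):
    """One tag-length-value element."""
    return bytes([tag]) + ber_length(len(content)) + content


def ber_small_int(value):
    """INTEGER for 0..127 (enough for message ids and the protocol version)."""
    if not 0 <= value <= 127:
        raise ValueError("only small non-negative integers are encoded here")
    return ber_tlv(TAG_INTEGER, bytes([value]))


def build_bind_request(message_id, bind_dn, password):
    """LDAPMessage { messageID, BindRequest { version 3, name, simple } }."""
    bind = (ber_small_int(3)
            + ber_tlv(TAG_OCTET_STRING, bind_dn.encode("utf-8"))
            + ber_tlv(TAG_SIMPLE_AUTH, password.encode("utf-8")))
    return ber_tlv(TAG_SEQUENCE,
                   ber_small_int(message_id) + ber_tlv(TAG_BIND_REQUEST, bind))


def read_tlv(data, pos=0):
    """Return (tag, content, position just after the element)."""
    tag, length, pos = data[pos], data[pos + 1], pos + 2
    if length & 0x80:                      # long form: next N bytes hold the length
        n = length & 0x7F
        length, pos = int.from_bytes(data[pos:pos + n], "big"), pos + n
    return tag, data[pos:pos + length], pos + length


def parse_bind_response(data):
    """Decode messageID, resultCode, matchedDN and diagnosticMessage."""
    tag, msg, _ = read_tlv(data)
    if tag != TAG_SEQUENCE:
        raise ValueError("not an LDAPMessage")
    _, mid, pos = read_tlv(msg)
    tag, op, _ = read_tlv(msg, pos)
    if tag != TAG_BIND_RESPONSE:
        raise ValueError("expected BindResponse, got tag 0x%02x" % tag)
    _, code, pos = read_tlv(op)
    _, matched_dn, pos = read_tlv(op, pos)
    _, diag, _ = read_tlv(op, pos)
    result_code = int.from_bytes(code, "big")
    return {"message_id": int.from_bytes(mid, "big"),
            "result_code": result_code,
            "result": RESULT_NAMES.get(result_code, "other"),
            "matched_dn": matched_dn.decode("utf-8", "replace"),
            "diagnostic": diag.decode("utf-8", "replace")}


def ldap_bind_check(host, port, bind_dn, password, timeout=5.0):
    """Try one simple bind; report either a transport error or the LDAP result."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            sock.sendall(build_bind_request(1, bind_dn, password))
            data = sock.recv(4096)         # a BindResponse is far smaller than this
    except OSError as exc:
        return {"transport_error": str(exc)}
    if not data:
        return {"transport_error": "connection closed without a BindResponse"}
    return parse_bind_response(data)


if __name__ == "__main__":
    import sys
    # usage: python ldap_bind_probe.py <host> <port> <bind_dn> <password>
    host, port, dn, pw = sys.argv[1], int(sys.argv[2]), sys.argv[3], sys.argv[4]
    print(ldap_bind_check(host, port, dn, pw))
```

Running it once against port 389 and once against the alternate port makes the two failure modes in the original post visible side by side: a result code from the directory on one and a socket error on the other. A simple bind sends the password in the clear, so keep the probe to a lab network such as the EVE-NG setup described here; production binds belong on LDAPS or StartTLS.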
