We have LDAPS set up on Azure (Domain Services enabled).
If we query the LDAP server from a Linux box, it works fine.
We want to set up LDAP authentication on the Fortigate to authenticate SSL VPN users.
I tried all sorts of syntax, but it always fails with "Can't contact LDAP server", no matter the DN, using cn, uid or sAMAccountName, etc.
Tried the debug commands as well, but it failed straightaway with a similar message
On Fortigate, the ldap server is set with port 636, with no Secure Connection
Cannot see any traffic on port 636 (probably not using the correct commands for it!), and not sure if it is enabled by default from the firewall itself to the internet.
Has anyone ever been able to set up LDAPS from Azure with Fortigate? It looks like most of the documentation refers to Active Directory on premises.
Any help would be appreciated
Please try to apply the following commands via the CLI and try to connect.

config user ldap
    edit xxx    >>> Server Name
        set server-identity-check disable
    next
end

If this does not help, please debug:

diag debug enable
diag debug app fnbamd -1
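For reference, here is a complete LDAP server object for Azure AD Domain Services over LDAPS, added here as an illustration rather than taken from either post above. The FortiOS keywords are real, but the server name, CA certificate name, base DN and bind account are placeholders to replace with your own values. The point it highlights is that port 636 on its own is not enough: the object also needs "set secure ldaps", otherwise the FortiGate sends plaintext LDAP to a TLS-only listener, which is one way to get "Can't contact LDAP server".

```fortios
config user ldap
    edit "azure-adds-ldaps"
        # Placeholder host name: use the secure LDAP external hostname you published for the managed domain
        set server "ldaps.example.com"
        set port 636
        # Port 636 expects TLS from the first byte, so LDAPS must be selected explicitly;
        # "set secure disable" on port 636 is the weak setting described in the question
        set secure ldaps
        # Keep identity checking on once the issuing CA is imported; disable it only
        # temporarily to confirm whether a certificate mismatch is the cause
        set server-identity-check enable
        # Placeholder name of the CA certificate imported under System > Certificates
        set ca-cert "Azure_ADDS_LDAPS_CA"
        # Azure AD DS users are matched on sAMAccountName, not uid
        set cnid "sAMAccountName"
        # Placeholder base DN of the managed domain
        set dn "DC=example,DC=com"
        # Regular bind with a dedicated, least-privilege service account (placeholder DN)
        set type regular
        set username "CN=svc-ldap,OU=AADDC Users,DC=example,DC=com"
        set password "<bind-password>"
    next
end
```

After saving, "diagnose test authserver ldap azure-adds-ldaps <user> <password>" exercises the bind from the FortiGate itself, and the fnbamd debug from the post above shows whether the failure is TCP, TLS or the bind.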
If you do not see any traffic and the LDAP server on the FortiGate is configured to use port 636, make sure to test differently, as this could be on a different network level.
Does a ping work?
If not, run a sniffer as follows:
diag sniffer packet any 'host <LDAP-IP>' 4 0 a
It will show you, if there is traffic, on which interface it is leaving and what traffic this might be. ICMP should at least leave the FortiGate (and hopefully get a response as well).
If you are sure which interface the traffic must exit:
diag sniffer packet <interface> 4 0 a
Then leave this running for some time. You might see ARP requests for the IP that are not getting responses.
Copyright 2023 Fortinet, Inc. All Rights Reserved.