Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
New Contributor

Cloning LDAP server works, creating as new doesn't

We are replacing our LDAP server, and so I need to create a new LDAP entry on my Fortigate. I clone the current entry, and enter the new LDAP server's IP address, then do the connectivity tests which work. Great, all seems perfectly fine.


However, if I instead select to create the new LDAP server entry (instead of cloning the original one) and enter the correct details, a connectivity test and user credential test fails. So, this makes me concerned that the cloned entry may have a problem, even though it apparently checks out.


I am definitely entering the correct details when I select create, as opposed to clone. Why would clone work and not create? If the created one fails, could there be a problem with the cloned one?


Thank you.



Hi ITHRBruce,


The debug output of LDAP communication might help you. Could you try following debugs and see the results, when you are using new LDAP server and when you are using cloned LDAP server ?


You might need to compare those two outputs.


diagnose debug console timestamp enable

diagnose debug application authd -1

diagnose debug application fnbamd -1

diagnose debug enable


******* now either test LDAP connection again in GUI console, or run these commands in CLI*****


 diagnose debug authserver dc test Test@1234

** Where dc is the name of ldap server name in FortiGate, followed by username and password. This might not be the same as actual domain controller name.






Thanks, I will take a look and let you know.


Hi again,


My issue seems to be resolved, I will not need to run these commands. Thank you though for your kind assistance, it is much appreciated.