It's not the DN (syntax).
The FGT cannot contact the LDAP server. IMHO a secure LDAP connection (LDAPS) uses port 636, not 389.
Either switch back to regular LDAP or check the secure connection (username, password, protocol).
All good suggestions, but have you tried any diag test authserver ldap commands from the CLI?
PCNSE
NSE
StrongSwan
Hello,
Login to your Windows Domain Controller and type into the CLI:
C:\>dsquery user -samid administrator
You will get something like this:
C:\>dsquery user -samid administrator
"CN=Administrator,CN=Users,DC=homelab,DC=local"
Put the CN=Administrator,CN=Users,DC=homelab,DC=local into the User DN field (Bind type: Regular).
Set the admin password.
Use sAMAccountName as Common Name Identifier.
Use dc=homelab,dc=local as the Distinguished Name. (The CN=Users means a group in the homelab.local domain, so in this case only the domain was used. Set the domain at first to see whether the LDAP will work. You can set an OU or CN later on to what you need so as not to search the whole LDAP tree. It depends on what you need.)
Try the Test without the Secure Connection. It should work. If you use the Secure Connection you will probably need a certificate issued by your CA in the Windows AD environment - someone else can correct me if I am wrong.
AtiT
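The checks this thread keeps circling back to (LDAPS belongs on 636 and plain LDAP on 389, the User DN copied from dsquery must be a well-formed DN, sAMAccountName as the Common Name Identifier) as an added Python example; this is not code from the thread or from Fortinet. The hostname and settings are constructed, and the script validates the configuration offline without contacting a server, so follow it up with diag test authserver ldap on the FortiGate.

```python
import re
from dataclasses import dataclass

# One RDN "attr=value" (RFC 4514): attribute name or OID, then an escaped value.
_RDN = re.compile(r'^([A-Za-z][A-Za-z0-9-]*|\d+(\.\d+)*)=(?:[^,\\]|\\.)+$')


def dn_from_dsquery(output: str) -> str:
    """Pull the quoted DN out of what 'dsquery user -samid <name>' prints."""
    m = re.search(r'"((?:[^"\\]|\\.)+)"', output)
    if not m:
        raise ValueError("no quoted DN in dsquery output")
    return m.group(1)


def split_dn(dn: str) -> list[str]:
    """Split a DN on unescaped commas and validate each RDN."""
    rdns = [r.strip() for r in re.split(r'(?<!\\),', dn)]
    bad = [r for r in rdns if not _RDN.match(r)]
    if bad:
        raise ValueError(f"malformed RDN(s): {bad}")
    return rdns


def escape_filter_value(value: str) -> str:
    """Escape a login name before it goes into a search filter (RFC 4515)."""
    return ''.join(
        ''.join(f'\\{b:02x}' for b in ch.encode('utf-8'))
        if ch in '*()\\' or ord(ch) < 0x20 else ch
        for ch in value)


@dataclass
class LdapSettings:            # mirrors the FortiGate LDAP server form
    server: str
    port: int
    secure: bool               # "Secure Connection" (LDAPS)
    bind_dn: str               # User DN, Bind type: Regular
    base_dn: str               # Distinguished Name
    cnid: str = "sAMAccountName"  # Common Name Identifier


def review(s: LdapSettings) -> list[str]:
    """Return the findings to clear before pressing Test on the FortiGate."""
    findings = []
    if s.secure and s.port != 636:
        findings.append(f"Secure Connection enabled but port is {s.port}; LDAPS uses 636")
    if not s.secure and s.port == 636:
        findings.append("port 636 without Secure Connection; plain LDAP uses 389")
    for label, dn in (("User DN", s.bind_dn), ("Distinguished Name", s.base_dn)):
        try:
            split_dn(dn)
        except ValueError as e:
            findings.append(f"{label}: {e}")
    return findings


def user_filter(s: LdapSettings, username: str) -> str:
    """Filter the FortiGate effectively searches with for a login name."""
    return f"({s.cnid}={escape_filter_value(username)})"
```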
You're still using LDAPS on the regular LDAP port. Do you read the posts here at all?
Copyright 2025 Fortinet, Inc. All Rights Reserved.