FortiManager redundant LDAP servers
Hello,
I'm configuring FortiManager LDAP integration with Windows AD DS and I want to specify redundant LDAP servers to authenticate users.
In Remote Authentication Server, when I configure an LDAP server, in Server Name/IP I define the IP of the LDAP server and the authentication works perfectly.
But I want to add another LDAP server for redundancy. So, I define in Advanced Options in the field secondary-server the secondary IP of another LDAP server.
In a scenario where the first LDAP server is down, the secondary server never tries to establish a TCP connection.
Any ideas of how to configure redundant LDAP servers?
Kind Regards,
Rogério Ferreira.
Labels: FortiManager
Hi,
May I know the firmware version of the FortiManager?
Also, may I know if you want the LDAP server for FortiManager admin users?
You may add the secondary server by following this path:
System settings >> Admin >> Remote Auth Server >> edit the LDAP server >> Secondary-server
BR,
Manosh
Hello Manosh,
I'm doing some tests in a lab to deploy in a live solution, and the FMG version is 7.0.4.
I want to configure wildcard administrators, and I configured a new administrator for the integration.
And the setup is working perfectly with specific Windows groups that I define in 'Group' in Remote Auth Server.
I have configured a secondary server as you specified, but when I take down the interface on the first LDAP server, FMG continues to try to resolve the ARP and never sends a TCP to the second server.
Thanks for your reply.
Rogério Ferreira.
My problem still happens in FMG version 7.2.0.
If I replace the IP address on the LDAP connection at "Server Name/IP" with the secondary server, the user gets authenticated correctly and has access to FMG.
Rogério Ferreira.