renatoconeglian

Fortigate LDAP Expired Password Reset + Google Cloud Directory Sync not working

Hi friends! How are you?

We are following a tutorial:

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Enable-expired-password-LDAP-renewal-with-...

But we found an issue with GCDS. We use Active Directory and Google Cloud Directory, and our LDAP syncs with Google via Google Cloud Directory Sync (GCDS).

Using Remote Desktop to the Active Directory server, when we right-click an AD user, select Reset Password and change it, GCDS runs as well and changes the user's password on Google Cloud Directory.

We tried using the steps described in that tutorial, but Google Cloud Directory seems to not activate when the user changes their password via the FortiClient VPN GUI.

FortiClient is able to detect that the password expired and must be changed on next logon, it pops up the new password window, the user applies it, and the password changes in Active Directory, but GCDS doesn't get activated, so the user will now have 2 passwords, 1 for AD and 1 for Google... Do you guys have any guess on what we should do to fix that?

Thanks a lot in advance!


2 REPLIES
Anonymous

Hello @renatoconeglian,

Thanks for reaching out to the Fortinet Community.

Could you let us know if this is a new setup or the issue started post a firmware upgrade? From the description it seems like the password change request has been sent through to the remote devices.

Could you perform a packet capture on the firewall and replicate the issue? This could give us more details.

Thanks and regards,

renatoconeglian

Hi @Anonymous, thanks for the reply and sorry for the delay in our response. We were trying solutions for this theme and for now, we are testing a solution:
We have 2 instances of Active Directory (one is a redundant instance) and we found out that we do need one GCDS installation but 2 password sync installations, and we had one.

Now we are operating with password sync running on both Active Directories, and it looks like GCDS is working fine with FortiClient now.
