I'm running a free trial with Okta, and I'm trying to configure Okta as an LDAP server to authenticate Fortigate VPN users. I have the LDAP Interface set up in Okta already. When I go to set up the LDAP server in the Fortigate, I'm getting an error each time I test connectivity:
Can't contact LDAP server
Any suggestions?
I would verify the FortiGate can resolve that domain properly by doing 'exec ping trial-xxxx.ldap.okta.com'.
If the firewall can resolve that fine, I would make sure it is reaching out properly by doing a sniffer.
The command for that would be "di sni pack any 'port 636' 4 0 l".
I would run that command, then test connectivity again.
You can start by disabling secure LDAP (secure connection radio button) to test if this resolves the issue. If it does, this narrows the problem down to a security certificate mismatch or similar. After confirming DNS resolution and reachability, make sure the username used to query LDAP has sufficient privileges. In addition, you can try different Bind Types and see if this helps.
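Added example, not posted by anyone in this thread: a client-side check that walks the same steps the answers above describe (name resolution, TCP reachability on 636, TLS certificate validation) and reports which stage fails, so a certificate mismatch is told apart from an unreachable or unresolvable host. The host name is a placeholder, and the resolve/connect callables are injectable so the classification logic can be exercised offline.

```python
"""Classify why an LDAPS connection test fails: 'dns', 'tcp', 'tls' or 'ok'.
Assumed host name pattern: <org>.ldap.okta.com on port 636 (placeholder)."""
import socket
import ssl

LDAPS_PORT = 636
PLACEHOLDER_HOST = "trial-xxxx.ldap.okta.com"  # placeholder, not a real org


def _tls_connect(host, addr, port, timeout):
    """Open TCP to addr:port and complete a TLS handshake, verifying the
    server certificate against the system trust store and the host name."""
    ctx = ssl.create_default_context()
    with socket.create_connection((addr, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.getpeercert()


def diagnose_ldaps(host, port=LDAPS_PORT, timeout=5.0,
                   resolve=socket.getaddrinfo, connect=_tls_connect):
    """Return (stage, detail). Stages mirror the troubleshooting order:
    DNS first, then reachability, then the TLS certificate."""
    try:
        infos = resolve(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror as exc:
        return "dns", f"{host} does not resolve: {exc}"
    if not infos:
        return "dns", f"{host} returned no addresses"
    addr = infos[0][4][0]
    try:
        cert = connect(host, addr, port, timeout)
    except ssl.SSLCertVerificationError as exc:
        # TCP path works; the certificate is untrusted or does not match the
        # host name. Plain LDAP would "work" here, which is exactly the
        # narrowing step suggested above.
        return "tls", f"certificate rejected: {exc}"
    except OSError as exc:
        # Covers timeouts, connection refused and routing failures.
        return "tcp", f"{addr}:{port} unreachable: {exc}"
    return "ok", f"TLS established, server cert subject: {cert.get('subject')}"


if __name__ == "__main__":
    stage, detail = diagnose_ldaps(PLACEHOLDER_HOST)
    print(f"[{stage}] {detail}")
```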
Copyright 2024 Fortinet, Inc. All Rights Reserved.