Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
cdoggyd
New Contributor II

Created on ‎09-24-2024 10:42 AM

Fortigate VPN & Okta LDAP

I'm running a free trial with Okta, and I'm trying to configure Okta as an LDAP server to authenticate Fortigate VPN users. I have the LDAP Interface set up in Okta already. When I go to set up the LDAP server in the Fortigate, I'm getting an error each time I test connectivity:

Can't contact LDAP server

Any suggestions?

 

fortigate-blurred.png

Labels:
569
0 Kudos
2 REPLIES 2
johnathan
Staff
Staff

Created on ‎09-24-2024 11:56 AM

I would verify the FortiGate can resolve that domain properly by doing 'exec ping trial-xxxx.ldap.okta.com'.
If the firewall can resolve that fine, I would make sure it is reaching out properly by doing a sniffer.
The command for that would be 'di sni pack any 'port 636' 4 0 l'.
I would run that command, then test connectivity again. 

"Never trust a computer you can't throw out a window."
532
0 Kudos
FortiArt
Staff
Staff

Created on ‎09-24-2024 02:26 PM

You can start by disabling secure LDAP (secure connection radio button) to test if this resolve the issue. If it resolved this narrow down the problem to security certificate mismatch or so. Make sure the Username to query LDAP has sufficient privileges' to after confirming DNS resolution and reachability. In addition you can try different Bind Types and see if this helps

501
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.