cdoggyd
New Contributor II

Fortigate VPN & Okta LDAP

I'm running a free trial with Okta, and I'm trying to configure Okta as an LDAP server to authenticate Fortigate VPN users. I have the LDAP Interface set up in Okta already. When I go to set up the LDAP server in the Fortigate, I'm getting an error each time I test connectivity:

Can't contact LDAP server

Any suggestions?

johnathan
Staff

I would verify the FortiGate can resolve that domain properly by doing 'exec ping trial-xxxx.ldap.okta.com'.
If the firewall can resolve that fine, I would make sure it is reaching out properly by doing a sniffer.
The command for that would be 'di sni pack any 'port 636' 4 0 l'.
I would run that command, then test connectivity again. 

"Never trust a computer you can't throw out a window."
FortiArt
Staff

You can start by disabling secure LDAP (secure connection radio button) to test if this resolves the issue. If it does, this narrows the problem down to a security certificate mismatch or similar. After confirming DNS resolution and reachability, make sure the username used to query LDAP has sufficient privileges. In addition, you can try different Bind Types and see if this helps.
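A way to run the three checks the replies walk through (DNS resolution, TCP reachability on port 636, then the TLS trust and hostname check that "secure LDAP" performs) from an admin workstation rather than the FortiGate CLI, as an added example that is not from this thread; the hostname in the usage line is a placeholder for the tenant's Okta LDAP Interface address.

```python
import socket
import ssl


def check_ldaps(host, port=636, timeout=5.0):
    """Walk the checks from the replies in order: DNS -> TCP -> TLS trust.

    Returns a dict naming the first stage that failed, or stage "ok" with
    the server certificate's common name and expiry when all stages pass.
    """
    # Stage 1: name resolution (the 'exec ping' check in the first reply).
    try:
        addr = socket.gethostbyname(host)
    except socket.gaierror as exc:
        return {"stage": "dns", "ok": False, "detail": str(exc)}

    # Stage 2: TCP reachability on the LDAPS port (what the sniffer shows).
    try:
        sock = socket.create_connection((addr, port), timeout=timeout)
    except OSError as exc:  # refused, timed out, unreachable, ...
        return {"stage": "tcp", "ok": False, "detail": str(exc)}

    # Stage 3: TLS handshake with chain and hostname verification, which is
    # what the firewall does for secure LDAP once the CA certificate is loaded.
    ctx = ssl.create_default_context()
    try:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            cert = tls.getpeercert()
            subject = dict(rdn[0] for rdn in cert.get("subject", ()))
            return {"stage": "ok", "ok": True,
                    "subject": subject.get("commonName"),
                    "expires": cert.get("notAfter")}
    except ssl.SSLCertVerificationError as exc:
        # Untrusted CA, expired certificate or name mismatch: the
        # "certificate mismatch" case the second reply narrows down to.
        return {"stage": "tls-verify", "ok": False,
                "detail": exc.verify_message}
    except (ssl.SSLError, OSError) as exc:
        # Peer is not speaking TLS on this port or cut the handshake short.
        return {"stage": "tls", "ok": False, "detail": str(exc)}


if __name__ == "__main__":
    # Placeholder host: replace with the tenant's LDAP Interface hostname.
    print(check_ldaps("trial-PLACEHOLDER.ldap.okta.com"))
```

Whichever stage comes back failed tells you which of the two replies' checks to follow up on; a "tls-verify" result means DNS and reachability are fine and the CA certificate or hostname on the firewall side is the thing to fix.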
