Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
lecarbajal
New Contributor

Invalid LDAP server: Timed out |and | Invalid LDAP server: Can't contact LDAP server

Hi,

 

We have a FortiGate 100C running 5.4 code. We want to set up a secondary LDAP server (backup) for SSL users. When we try to connect to the LDAP server (over a VPN tunnel) we get the below error message:

 

Invalid LDAP server: Timed out |and | Invalid LDAP server: Can't contact LDAP server

 

We are not blocking the traffic (all ports/IPs permitted). What could be the problem? I tried to reach the server from the firewall, but I need to specify a source IP, otherwise the ping does not work.

 

thank you,

Jeff_FTNT
Staff

You may need to increase the LDAP timeout. The default value is 500 milliseconds.

config system global
    set ldapconntimeout xxx
end

andmag
New Contributor

Hi!

 

The FG uses the public IP of your WAN interface, so you need to put that in the crypto for the VPN tunnel. Don't forget the host/subnet for the LDAP server on the remote side :)

 

emnoc
Esteemed Contributor III

Negative, you don't have to do that. Just apply the source IP address that's allowed over the VPN tunnel.

 

e.g.

config user ldap
    edit "TESTAD"
        set server "10.12.1.1"
        set secondary-server ''
        set tertiary-server ''
        set source-ip 10.10.10.1
        set cnid "cn"
        set dn ''
        set type simple
        set group-member-check user-attr
        set secure disable
        set port 389
        set password-expiry-warning disable
        set password-renewal disable
        set member-attr "memberOf"
        unset search-type
    next
end

 

 

In this case 10.0.10.1 would be my FortiGate inside LAN address, loopback, etc.

 

Ken

PCNSE 

NSE 

StrongSwan  
akatzkac
New Contributor

Emnoc's source-ip assignment did the trick for me.

mfmsgk
New Contributor

Hello, I have an issue with my LDAP setup. Initially everything was working and was successful, and on the second day it's giving an error TIMED OUT. What do you think can cause the issue? FortiGate 90D
shehab
New Contributor III

I know it's a bit old, but I have a better answer for this for newcomers.

 

The problem is not related to the time-out, because the LDAP server is 1 ms away from the FortiGate.

It's not related to source-ip, because I built a simple scenario and got the same error, even without the VPN tunnel.

 

The solution was in the Distinguished Name.

 

And by the way, there is a misunderstanding here about the DN: it's where you want the FortiGate to start searching for the users. Make sure you define it correctly.

 

Regards,

Mahmood
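The three fixes raised in this thread (source-ip for the tunnel, a longer ldapconntimeout, and a correct base DN) combined into one FortiOS CLI fragment, as an added example and not any poster's own configuration: the LDAP object as first posted, next to a corrected form and a bind test. The secondary server address, the base DN and the source address are placeholders, not values from the thread.

```fortios
# --- Before: fails with "Timed out" or "Can't contact LDAP server" ---
# No source-ip (0.0.0.0): the query is sourced from the egress interface,
# which is outside the phase-2 selectors, so it never enters the tunnel.
# Empty dn: no search base, so the user lookup fails even when the server answers.
config user ldap
    edit "TESTAD"
        set server "10.12.1.1"
        set secondary-server ''
        set source-ip 0.0.0.0
        set cnid "cn"
        set dn ''
        set type simple
        set port 389
    next
end

# --- After: corrected (placeholder values marked below) ---
# Default ldapconntimeout is 500 ms; 2000 ms leaves room for a VPN round trip.
config system global
    set ldapconntimeout 2000
end
# source-ip: an inside or loopback address that the tunnel selectors already permit.
# secondary-server 10.12.1.2 and dn "dc=example,dc=com" are placeholders.
config user ldap
    edit "TESTAD"
        set server "10.12.1.1"
        set secondary-server "10.12.1.2"
        set source-ip 10.10.10.1
        set cnid "cn"
        set dn "dc=example,dc=com"
        set type simple
        set port 389
    next
end

# Verify from the CLI with a test bind against the object just defined:
#   diagnose test authserver ldap TESTAD <username> <password>
# "Can't contact LDAP server" -> routing or selector problem (check source-ip, tunnel)
# "Timed out"                 -> reachable but slow or dropped mid-way (check ldapconntimeout)
# bind fails for every user   -> check dn and cnid
```

Roll the change back if the test bind still fails after raising the timeout, so the failing layer is isolated one setting at a time.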
