LDAP Authentication to remote LDAP server on remote site to site

dethangel · ‎03-01-2018

Hi all,

Not sure where this topic should be posted since it overlaps between IPSEC site to site and LDAP authentication, but i'll give it a go here.

I'm having a peculiar request:

1. 2 sites on a site to site VPN - Site A (main office) & Site B (branch office)

2. At present the connection from B to A is not in a route all state, and each site goes out through its own connection for internet access

3. Site A's VPN access is authenticated through LDAP to their Local Active Directory in Site A

Now there is a requirement where I need to allow users from site B to access via site A's VPN

My question is:

1. How do i reach site B's Active Directory / LDAP through the site to site for this authentication to occur?

2. Locally, on site A, it is able to ping site B's Active Directory server

3. I've created the LDAP entry on the Fortigate, but it is unable to reach

Could someone point what I may have missed out?

Fishbone_FTNT · ‎03-01-2018

Hi, not sure if I understand the question, but maybe the problem is in source IP address. If the IPsec tunnel is not addressed, system will use another IP for the source address of the LDAP connection, which is possibly not routable/reachable on the other side with LDAP server.

Fishbone)(

smithproxy hacker - www.smithproxy.org

View solution in original post

Marco · ‎03-03-2018

Hi dethangel

please look at the soure-ip parameter in the ldap configuration on the branch office FortiGate.

config user ldap

edit <your-ldap-entry>

set source-ip x.x.x.x

set the ip to the internal ip address of your FortiGate.

Marco