LDAP interface used in GUI and CLI are not the same

T2P · ‎05-25-2021

Hi,

I'm new with Fortigate and we have deployed an AWS EC2 Fortigate NGFW v7.0.0 build0066 in one of AWS regions.

We want to allow internet access to users thru their Active Directory accounts/groups.

And, we're testing LDAP as a possible solution.

The firewall is configured in split-VDOM (Root and FG-Traffic)

Creation of the LDAP in the console was successful. Testing of user and credentials are okay.

And, directory tree was displayed when browsed.

But when we closed and save the LDAP creation window and access it again the LDAP failed with an error of lda_-3 or Invalid LDAP server. Same thing happens if we repeat the same to create a new LDAP server in the console.

In our troubleshooting, we found out that the console or GUI uses the Management interface to communicate with the AD server. While in CLI, the interface used was the interface we set in "set source-IP xxx.xxx.xxx.xxx. Testing in CLI seems consistently successful.

Seems the set source-IP is not being used in the console/GUI.

How do we make the LDAP GUI use the same IP we set in "set source-IP.." in CLI?

Please help.

Thanks and regards,

Tony

Hemin88 · ‎03-04-2025

Hi @T2P

Could you please share your config?
Also, the firewall rule that allows comms with the AD

Thanks
Hemin

IP Network Engineer

dingjerry_FTNT · ‎03-04-2025

Hi @T2P ,

Do you have HA enabled for your FGT? If yes, please share your HA configuration.

show sys ha

Regards,

Jerry

LDAP interface used in GUI and CLI are not the same

Nominate a Forum Post for Knowledge Article Creation

You are leaving our website