I may have hours of experience on both FAC and Open-LDAP, and I am trying to make the LDAP import user part working for me. So far, I have already setup an Open-LDAP on 10.106.6.160, and is trying to see if I could import these users to my FAC.
1). Here is my LDAP edit page, where I always have to input values on these "query elements" fields on that page, which are not optional part.
2) When I have the previous page saved, and click the "import users" button, and have reached the "Import Remote LDAP Users" page. Without any extra editing, I was able to see 5 created LDAP user account here. But while I was to have them imported to FAC, I have got such failure:
Unable to import " uid=testGeeks1,out=people,dc=pluto,dc=fortinet,dc=com": entry does not match the configured filter. "
Any ideas what I did wrong here ? Thanks,
Jack
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hello Jack,
Thank you for reaching out.
It looks like the attribute values configured on FortiAuthenticator and OpenLDAP do not match.
Could you please change the value for ObjectClass from "person" to "posixAccount" and test again.
If it does not work please check you LDAP settings what is configured under ObjectClass for that user and try to match in FortiAuthenticator.
Please check and let us know.
Thanks for the response, I have done what you suggested on the first setup page, here is the screenshot from the 2nd import page.
As you may find,
1) I have changed from "person" to "posixAccount" on the LDAP setup page, and this is used as the filter value on this import page.
2) I am doing the single users import mode.
3) When I select "testGeeks1", and try to have it imported, I have seen such error messages at the top of the page.
Thanks,
Jack
Hello Jack,
Thank you for your update.
Now i believe you should replace the Username attribute under the LDAP configuration.
Can you please try add "uid" instead of "testGeeks" and share results.
Regards!
Thanks for the Tips. I have tried "import users" option, it did have the users imported from LDAP !
But my next question is, how to make the similar type of import, if I was to select "import users by group memberships" option. ? The above 3 users are of the same group. When I was to select this option, nothing was imported in the end.
Thanks,
Jack
Hello Jack,
You need to correct the filter when searching for the group membership.
What is the filter shown when you try to import users from group membership ?
Does this filter shows the users ?
What was the filter when importing a single user ?
Please try again importing with group membership and check on the logs, what it says for this import ?
Regards,
Dorel
This was the filter page when I use the "import users" option to have the users imported.
When I was to do "import users by group memberships", I have chosen the "Group attribute" button, instead of "User attribute" button on that page.
I mean like here :
Now we see the filter used for this group membership
If you still face an error remember to share the error here.
Check what is configured for this user as object class on the remote server and match the config in FAC. Edit the filter properly.
This is the settings on my "Import Remote LDAP Users by Group Memberships" page:
I see that filter is working and showing the entries. Now if you select "ou=people " and try to import does it fail ?
If Yes show the error.
Try also to change the value from "posixGroup" to "InetOrgPerson" .
Let me know.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1697 | |
1092 | |
752 | |
446 | |
228 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.