Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
torgnyw
New Contributor

Created on ‎09-19-2016 08:32 AM

Problem Browsing LDAP Tree if Alternative Email address is present on user

Hi,

 

I'm unable to browse som user objects in LDAP Tree if the user object has alternative email addresses specified in local user object. I was expecting to see rfc822MailMember attributes for the alternative email addresses, but the query fails. I Can use an LDAP browser tool and list all user objects, im able to see all attributes on user without alternative email addresses.

 

Any suggestions?

Im running firmware: v4.00-build0081-20160601-patch00

 

\\

Torgny

\\ Torgny

\\ Torgny
3774
0 Kudos
3 REPLIES 3
xsilver_FTNT
Staff
Staff

Created on ‎09-20-2016 07:53 AM

any errors / screenshots ?

any details where do you have the issue (are you browsing LDAP from remote user sync , or from user import .. there is more than one place where to start LDAP search and filter) ?

Tomas Stribrny - NASDAQ:FTNT - Fortinet Inc. - TAC Staff Engineer
AAA, MFA, VoIP and other Fortinet stuff

1821
0 Kudos
torgnyw
New Contributor
In response to xsilver_FTNT

Created on ‎09-20-2016 11:21 AM

I have local users that i have placed in LDAP Tree.

Then I have FortiMail connect via LDAP to FortiAuthenticator to get mail aliases.

I couldn't get it to work, so I used an LDAP browser (from my computer) to look at the attributes on the user objects (on Authenticator). I can only browse the objects without additional email addresses. If I try to browse attributes on a user object with alternative email addresses the Browser software throws a Error (COM Error) or No Connection.

 

\\ Torgny

\\ Torgny
1821
0 Kudos
xsilver_FTNT
Staff
Staff
In response to xsilver_FTNT

Created on ‎09-21-2016 12:48 AM

interesting discovery.

I would suggest to open a ticket on Fortinet support site (through FortiCare or better through Fortinet Partner who has access).

And attach your :

- FAC (FortiAuthenticator) config backup

- debug reports (all) from FAC

- log from FAC

- any error screenshots from LDAP browser you have used, info which user you have used to access LDAP (authenticated connection to FAC LDAP)

- if it's not obvious from screenshots, please, mention date & time when it happened so we (TAC) can correlate error appearence with logs and reports from FAC

 

So far I'm not sure if it's a misconfiguration or a bug in the system.

Tomas Stribrny - NASDAQ:FTNT - Fortinet Inc. - TAC Staff Engineer
AAA, MFA, VoIP and other Fortinet stuff

1821
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.