Problem import user LDAP UNIX (OpenLDAP) FortiAuthenticator
Hi all,
We have an LDAP UNIX server and we want to connect FAC to the LDAP. We can see all of the users but we can't import users (Remote Users => Import). When we try to import users, an error message appears: Unable to import "uid=****,ou=users,ou=**,dc=**,dc=***": entry does not match the configured filter.
Any help would be appreciated.
Thanks,
Ali
- Labels: FortiAuthenticator v5.5
Hello AliE,
I have found this document:
Could you please have a look and tell me if it helped?
If not, we will continue to look for another solution.
Regards,
Hey Ali,
maybe a stupid question - if you don't set a filter for 'ObjectClass=person', can you import the user, or does that also result in an error?
In addition, it may be worth checking in your remote LDAP server settings on FortiAuthenticator that you have the correct mapping for username attribute etc.
Hi,
As the error is "entry does not match the configured filter" and as it is supposed to be OpenLDAP, I would check and make sure that the proper template is used in your FortiAuthenticator in the LDAP server config, and more importantly that it fits your OpenLDAP and the schemas it uses. Use some LDAP browser (MSFT Windows does have one built in, ldp.exe, but it's ugly and not user friendly, honestly) to check what your users and their properties are.
Example from my test OpenLDAP:
Because your set LDAP filter is: (objectClass=person)
Check your OpenLDAP and properties of so called user objects.
Check and make sure that they are objectClass = person.
Because some of mine are, for example, "objectClass = inetOrgPerson; posixAccount", not a "person"!
That filter might have come from the default setting in FortiAuthenticator and from the applied OpenLDAP template in the LDAP Remote Auth. Server config. Its default looks like this:
Feel free to tweak those settings according to your OpenLDAP server.
Tomas Stribrny - NASDAQ:FTNT - Fortinet Inc. - TAC Staff Engineer
AAA, MFA, VoIP and other Fortinet stuff
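To see which entries a candidate filter would reject before changing the FortiAuthenticator settings, the following added example (not part of the thread and not a Fortinet tool) evaluates a filter against the objectClass and other attribute values listed on each entry. The DNs and attributes are constructed samples, and the literal value comparison is an assumption about how the import check behaves.

```python
import re

# Constructed sample entries (attribute -> values); not taken from the thread.
ENTRIES = {
    "uid=alice,ou=users,dc=example,dc=org": {
        "objectClass": ["inetOrgPerson", "posixAccount"], "uid": ["alice"]},
    "uid=bob,ou=users,dc=example,dc=org": {
        "objectClass": ["person", "posixAccount"], "uid": ["bob"]},
}

def parse(text):
    """Parse a subset of RFC 4515 filters: &, |, !, equality, presence (attr=*)."""
    node, rest = _parse(text.strip())
    if rest:
        raise ValueError("trailing data after filter: " + rest)
    return node

def _parse(s):
    if len(s) > 1 and s[0] == "(" and s[1] in "&|!":
        op, s, kids = s[1], s[2:], []
        while s.startswith("("):
            kid, s = _parse(s)
            kids.append(kid)
        if not s.startswith(")") or not kids or (op == "!" and len(kids) != 1):
            raise ValueError("malformed '%s' filter" % op)
        return (op, kids), s[1:]
    m = re.match(r"\(([\w;.-]+)=([^()]*)\)", s)
    if not m:
        raise ValueError("malformed filter item: " + s)
    return ("=", m.group(1), m.group(2)), s[m.end():]

def matches(node, entry):
    """Literal, case-insensitive comparison against the values listed on the entry."""
    if node[0] == "&":
        return all(matches(k, entry) for k in node[1])
    if node[0] == "|":
        return any(matches(k, entry) for k in node[1])
    if node[0] == "!":
        return not matches(node[1][0], entry)
    _, attr, want = node
    values = [v for k, vs in entry.items() if k.lower() == attr.lower() for v in vs]
    return bool(values) if want == "*" else any(v.lower() == want.lower() for v in values)

def rejected(filter_text, entries=ENTRIES):
    """Return the DNs that do NOT match the filter, i.e. the ones an import would refuse."""
    tree = parse(filter_text)
    return sorted(dn for dn, e in entries.items() if not matches(tree, e))

if __name__ == "__main__":
    for f in ("(objectClass=person)", "(|(objectClass=person)(objectClass=inetOrgPerson))"):
        print(f, "rejects:", rejected(f) or "nothing")
```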
Created on 08-28-2023 05:00 PM Edited on 08-28-2023 05:35 PM
I have hit a similar issue, have created a new thread here, if someone can help. https://community.fortinet.com/t5/Support-Forum/Not-able-to-import-Open-LDAP-user-to-FortiAuthentica...