Hi all,
We have an LDAP UNIX server and we want to connect FAC to the LDAP. We can see all of the users but we can't import users (Remote Users => Import). When we try to import users, an error message appears: Unable to import "uid=****,ou=users,ou=**,dc=**,dc=***": entry does not match the configured filter.
Any help would be appreciated.
Thanks,
Ali
Hello AliE,
I have found this document:
Could you please have a look and tell me if it helped?
If not, we will continue to look for another solution.
Regards,
Hey Ali,
maybe a stupid question - if you don't set a filter for 'ObjectClass=person', can you import the user, or does that also result in an error?
In addition, it may be worth checking in your remote LDAP server settings on FortiAuthenticator that you have the correct mapping for the username attribute etc.
Hi,
as the error is "entry does not match the configured filter" and as it is supposed to be OpenLDAP, I would check and make sure that the proper template is used in your FortiAuthenticator in the LDAP server config, and more importantly that it fits your OpenLDAP and the schemas it uses. Use some LDAP browser (MSFT Windows does have one built in, ldp.exe, but it's ugly and not user friendly, honestly) to check what your users and their properties are.
Example from my test OpenLDAP:
Because your set LDAP filter is: (objectClass=person)
Check your OpenLDAP and properties of so called user objects.
Check and make sure that they are objectClass = person.
Because some of mine are for example "objectClass = inetOrgPerson; posixAccount" , not a "person" !
That filter might have come from the default setting in FortiAuthenticator and from the applied OpenLDAP template in the LDAP Remote Auth. Server config; its default looks like this:
Feel free to tweak those settings according to your OpenLDAP server.
Tomas Stribrny - NASDAQ:FTNT - Fortinet Inc. - TAC Staff Engineer
AAA, MFA, VoIP and other Fortinet stuff
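Added example, not part of the thread and not Fortinet code: a check over LDIF text (such as an `ldapsearch` export) that lists which entries lack the objectClass named in the configured filter, and which objectClass values every entry shares. It assumes the import check compares objectClass values literally, as the reply above suggests; the sample LDIF and the `example.com` DNs are constructed.

```python
from collections import defaultdict

# Constructed sample, not output from the poster's directory.
SAMPLE_LDIF = """\
dn: uid=alice,ou=users,dc=example,dc=com
objectClass: inetOrgPerson
objectClass: posixAccount
uid: alice

dn: uid=bob,ou=users,dc=example,dc=com
objectClass: person
objectClass: posixAccount
uid: bob
"""

def parse_ldif(text):
    """Parse plain 'attr: value' LDIF records into {dn: {attr: [values]}}.
    Folded lines and base64 ('attr::') values are not decoded."""
    entries = {}
    for record in text.strip().split("\n\n"):
        attrs = defaultdict(list)
        for line in record.splitlines():
            if line.startswith("#") or ": " not in line:
                continue
            name, value = line.split(": ", 1)
            attrs[name.lower()].append(value.strip())
        if "dn" in attrs:
            dn = attrs.pop("dn")[0]
            entries[dn] = dict(attrs)
    return entries

def matches(entry, flt):
    """Literal, case-insensitive test of a simple '(attr=value)' filter.
    Assumption: no schema inheritance is applied by the importing side."""
    attr, value = flt.strip("()").split("=", 1)
    have = [v.lower() for v in entry.get(attr.strip().lower(), [])]
    return value.strip().lower() in have

def failing_dns(entries, flt):
    """DNs that would be rejected as not matching the configured filter."""
    return [dn for dn, e in entries.items() if not matches(e, flt)]

def shared_object_classes(entries):
    """objectClass values present on every entry: candidate filter values."""
    sets = [{v.lower() for v in e.get("objectclass", [])} for e in entries.values()]
    return sorted(set.intersection(*sets)) if sets else []

if __name__ == "__main__":
    users = parse_ldif(SAMPLE_LDIF)
    print("fail (objectClass=person):", failing_dns(users, "(objectClass=person)"))
    print("shared objectClass values:", shared_object_classes(users))
```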
Created on 08-28-2023 05:00 PM Edited on 08-28-2023 05:35 PM
I have hit a similar issue, have created a new thread here, if someone can help. https://community.fortinet.com/t5/Support-Forum/Not-able-to-import-Open-LDAP-user-to-FortiAuthentica...