I am trying to enable LDAPS on our FortiGate 60F. We currently have LDAP
to a DC working, but when I enable LDAPS over port 636 and click 'Test
Connectivity' I get the error message 'Can't contact LDAP server'. This
is before selecting a certificate....
Thanks for the reply, I posted a reply to another comment that enabling
LDAPS (without certificate) is working now, the error message was caused
by a bug in the GUI. However, I am still getting the error message when
I select the certificate. The cert...
Update on this, when setting the LDAPS setting before in the GUI, I had
never clicked the 'OK' button to save the configuration, because I
didn't want to break the current LDAP configuration during business
hours. When I set the LDAPS setting (no cer...
That makes more sense, here is the output for the LDAP server,
sanitized:

    config user ldap
        edit "LDAPSERVER"
            set server "LDAPSERVERFQDN"
            set server-identity-check disable
            set cnid "sAMAccountName"
            set dn "dc=DOMAINNAME,dc=com"
            set type regular
            set us...
I have added inbound rules on Windows Defender Firewall on the DC for
ports 389, 636, and 3269. I also ran the packet sniffer from the
FortiGate and traffic was sent and received from the DC over port 636