Description | This article describes a solution for the following error in FortiAuthenticator: "…Sync rule ... was aborted because LDAP server '...' returned an empty result and enforced empty response is disabled. It is not clear whether this is an expected result or a misconfiguration. Please check your configuration..." |
Scope | FortiAuthenticator, LDAP, Authentication. |
Solution |
If the LDAP group has a new member (user), FortiAuthenticator will sync that user to its database:
The FortiAuthenticator log will show messages of 'Retrieved users from remote LDAP server...'
FortiAuthenticator will also show when the sync rule has failed to do its task:
In conclusion, if there is an error message like the one described in this article, the customer should check the LDAP groups in the AD server. A possible workaround is to enable the option 'Proceed with rule even when response empty', which enforces the synchronization rule even when the LDAP response is empty. Use this option with caution. For more information, check the admin guide.
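One way to carry out the group check recommended above, as an added example that is not Fortinet code: it parses LDIF text, such as the output of an LDAP search for group objects on the AD server, and lists the entries that returned no `member` values. All group names and DNs are constructed; the parser handles folded lines, base64 values and AD's ranged `member;range=...` attributes.

```python
import base64

# Constructed sample (all names and DNs are made up): LDIF text of the kind an
# LDAP search tool prints for group objects. Big-Group is shortened to one value.
_B64_DN = base64.b64encode(
    "CN=J\u00fcrgen Example,OU=Staff,DC=example,DC=com".encode("utf-8")).decode("ascii")
SAMPLE_LDIF = "\n".join([
    "dn: CN=VPN-Users,OU=Groups,DC=example,DC=com",
    "member: CN=Alice Example,OU=Staff,DC=example,DC=com",
    "member: CN=Bob Example,OU=Contractors,OU=Staff,",
    " DC=example,DC=com",                      # folded continuation line
    "member:: " + _B64_DN,                     # base64 value (non-ASCII DN)
    "",
    "dn: CN=Big-Group,OU=Groups,DC=example,DC=com",
    "member;range=0-1499: CN=Carol Example,OU=Staff,DC=example,DC=com",
    "",
    "dn: CN=Empty-Group,OU=Groups,DC=example,DC=com",
    "cn: Empty-Group",
])

def group_members(ldif_text):
    """Return {entry_dn: [member_dn, ...]} for every entry in the LDIF text."""
    lines = []
    for raw in ldif_text.splitlines():
        if raw.startswith(" ") and lines:      # unfold: leading space continues
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    groups, current = {}, None
    for line in lines:
        name, sep, value = line.partition(":")
        if not sep or line.startswith("#"):    # skip blank lines and comments
            continue
        if value.startswith(":"):              # "attr:: <base64>"
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        else:
            value = value.strip()
        attr = name.split(";")[0].lower()      # drop options like ;range=0-1499
        if attr == "dn":
            current = groups.setdefault(value, [])
        elif attr == "member" and current is not None and value:
            current.append(value)
    return groups

def empty_groups(ldif_text):
    """DNs of entries that returned no member values."""
    return sorted(dn for dn, members in group_members(ldif_text).items() if not members)

if __name__ == "__main__":
    for dn, members in group_members(SAMPLE_LDIF).items():
        print(f"{len(members):3d} member(s)  {dn}")
    print("empty:", empty_groups(SAMPLE_LDIF))
```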
Related document: |