We have many logs on FortiAuthenticator as below:
Still keep remote LDAP user xxx though it has ceased existing remotely
And
Cannot assign an FTM token to…..? Or Failed to sync remote LDAP user
Please let me know what these logs mean.
Thanks
Hello GiangNH
What is your FAC software version?
Can you please provide us a screenshot or the full message log?
Did the issue appear after any upgrade?
BR
My software version is v6.2.1. We don't upgrade anything.
Hello @GiangNH ,
In addition to @ndumaj
From the explanation "Still keep remote LDAP user xxx though it has ceased existing remotely", it looks like this user no longer exists on the remote server but still exists in FAC.
It looks like it is related to this option here:
Is this option enabled or disabled?
Regards!
We enable the feature "Do not delete synced users when they are no longer found on the remote server". So what about the alerts "Cannot assign an FTM token to…..?" or "Failed to sync remote LDAP user"? Do you have any idea?
Are these two alerts coming for the same non-existing user, or does it happen with every user you are trying to assign a token to?
Do you have available tokens to assign?
Does this user have a defined email on the remote LDAP?
Please provide the full logs shown; they must be more explanatory about the issue.
Please also provide what @ndumaj requested; it is wise to check from the firmware perspective.
This alert comes from a non-existing user.
We have available tokens to assign.
My firmware version is v6.2.1.
Hi,
Does this user exist on your LDAP server?
Do you see this user on FAC Remote users? If yes, does this user have a defined email address?
Please review the following article:
https://community.fortinet.com/t5/FortiAuthenticator/Troubleshooting-Tip-Remote-User-Sync-rules-on-F...
BR
Hi,
May I know the purpose of this option when it is enabled?
Hi:
Do not delete synced users when they are no longer found on the remote server -->
Select to ensure that synchronized users are not deleted when they are no longer found on the remote server. This option is only available when Proceed with rule even when response empty is disabled.
Also review the Guide below:
https://docs.fortinet.com/document/fortiauthenticator/6.2.1/administration-guide/215969