FortiNAC
NOTE: FortiNAC is now named FortiNAC-F. For post-9.4 articles, see FortiNAC-F. FortiNAC is a zero-trust network access solution that provides users with enhanced visibility into the Internet of Things (IoT) devices on their enterprise networks.
Article Id 192380
Description
Unable to validate credentials for a directory under System > Settings > Authentication > LDAP, even though the LDAP account credentials are valid. The following message is displayed:

"Connection: Failed to connect to directory"



Scope
Version: 8.x

Solution
If "Connect by name" is enabled, check the following:

The appliance is able to resolve the hostname of the LDAP server listed in the LDAP configuration. One way to verify this is to ping the name populated in the Name field. In the Control Server CLI, type

ping <hostname>

Example:
> ping WIN-QSH73DPRRK6.SupportLAB.fortinac.com
PING WIN-QSH73DPRRK6.SupportLAB.fortinac.com (10.12.240.10) 56(84) bytes of data.
64 bytes from 10.12.240.10 (10.12.240.10): icmp_seq=1 ttl=128 time=0.067 ms


If the name does not resolve to an IP address, add the hostname of the LDAP server to the production DNS server.

- If Security protocol = none, deselect Connect by name. The IP address will then be used to connect to the LDAP server instead of the name.





If the Security Protocol option = SSL or STARTTLS, check the following:

- LDAP server has a valid SSL certificate installed. The certificate will not be trusted by the appliance if expired or otherwise invalid. 

- Connect by name is selected in the LDAP Server configuration under System > Settings > Authentication > LDAP.

- Hostname of the LDAP server listed is resolvable and matches the name on the certificate.

- If required by the LDAP server, a client certificate has been imported to the keystore under /bsc/campusMgr/ of the appliance.

Note: The requirement for the client certificate is dependent upon the directory configuration. Refer to the applicable vendor documentation.
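The two checks above (the name resolves, and the server certificate is valid and carries the configured name) can be reproduced from any host that can reach the directory server, which helps confirm whether the "Failed to connect to directory" message comes from DNS or from the certificate. The following is an added example, not FortiNAC code: it uses only the Python standard library, the hostname and address are taken from the ping output in this article, and the sample certificate is a constructed dictionary in the layout returned by ssl.SSLSocket.getpeercert(), not a real certificate.

```python
import ipaddress
import socket
import ssl
import time

LDAPS_PORT = 636  # LDAP over SSL; STARTTLS on 389 is not covered by fetch_ldap_certificate()


def resolve_hostname(hostname):
    """Same check as 'ping <hostname>' on the appliance, minus ICMP: the IPv4
    address the local resolver returns for the configured name, or None."""
    try:
        return socket.gethostbyname(hostname)
    except socket.gaierror:
        return None


def _dns_name_matches(pattern, hostname):
    """RFC 6125-style comparison: exact match, or a single '*' as the whole leftmost label."""
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if pattern == hostname:
        return True
    if not pattern.startswith("*.") or "*" in pattern[2:]:
        return False
    labels = hostname.split(".")
    return len(labels) >= 2 and ".".join(labels[1:]) == pattern[2:]


def certificate_names(cert):
    """DNS and IP names the certificate is valid for (getpeercert() layout).
    Falls back to the subject commonName only when there is no subjectAltName."""
    san = cert.get("subjectAltName", ())
    dns_names = [value for key, value in san if key == "DNS"]
    ip_names = [value for key, value in san if key == "IP Address"]
    if not dns_names and not ip_names:
        for rdn in cert.get("subject", ()):
            for key, value in rdn:
                if key == "commonName":
                    dns_names.append(value)
    return dns_names, ip_names


def check_ldap_certificate(cert, configured_name, now=None):
    """Return the reasons the certificate would be rejected for the name entered
    in the LDAP configuration; an empty list means validity and name both pass."""
    now = time.time() if now is None else now
    problems = []
    if now > ssl.cert_time_to_seconds(cert["notAfter"]):
        problems.append("certificate expired on " + cert["notAfter"])
    if now < ssl.cert_time_to_seconds(cert["notBefore"]):
        problems.append("certificate not valid before " + cert["notBefore"])
    dns_names, ip_names = certificate_names(cert)
    try:
        ipaddress.ip_address(configured_name)
        connecting_by_ip = True
    except ValueError:
        connecting_by_ip = False
    if connecting_by_ip:
        if configured_name not in ip_names:
            problems.append("connecting by IP " + configured_name
                            + ", which is not in the certificate; enable Connect by name")
    elif not any(_dns_name_matches(name, configured_name) for name in dns_names):
        problems.append("hostname " + configured_name
                        + " does not match certificate names " + str(dns_names))
    return problems


def fetch_ldap_certificate(hostname, port=LDAPS_PORT, timeout=5.0):
    """Fetch the directory server's certificate for inspection. The chain is still
    verified against the system trust store (an expired or untrusted certificate
    raises ssl.SSLCertVerificationError, which states the reason); only the
    hostname check is disabled so check_ldap_certificate() can report it."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False  # verify_mode stays CERT_REQUIRED
    with socket.create_connection((hostname, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=hostname) as tls:
            return tls.getpeercert()


# Constructed sample in getpeercert() layout (names from the ping example above).
SAMPLE_CERT = {
    "subject": ((("commonName", "WIN-QSH73DPRRK6.SupportLAB.fortinac.com"),),),
    "subjectAltName": (("DNS", "WIN-QSH73DPRRK6.SupportLAB.fortinac.com"),
                       ("DNS", "*.supportlab.fortinac.com")),
    "notBefore": "Jan 15 00:00:00 2024 GMT",
    "notAfter": "Jan 15 00:00:00 2026 GMT",
}

if __name__ == "__main__":
    name = "WIN-QSH73DPRRK6.SupportLAB.fortinac.com"
    print("resolves to:", resolve_hostname(name))
    # Connect by name disabled with SSL: the appliance presents the IP, which the
    # certificate does not carry, so the name check fails.
    print(check_ldap_certificate(SAMPLE_CERT, "10.12.240.10"))
```

Run it against the real server by replacing SAMPLE_CERT with the result of fetch_ldap_certificate(name); a non-empty list from check_ldap_certificate() names the item in the list above that still needs attention.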


If a client certificate is required, create a keystore to import the certificate. For instructions, see the section Create a keystore for SSL or TLS of the Administration Guide in the Fortinet Document Library.


For additional LDAP configuration information, see the section Configuration of the Administration Guide in the Fortinet Document Library.


Related Articles

Technical Note: LDAP server SSL and TLS connections require trusted name
