FortiGate
btey
Staff
Article Id 194003
Description
This article describes what the debug log message 'fnbamd_ldap_parse_response-Error 34' means and how to fix it.

When the client accesses the LDAP server via FortiGate, FortiGate captures the error messages shown below and the client cannot access it normally.

Solution
In the fnbamd debug logs, the following error message is found when a logon via the LDAP server is attempted.
[981] __ldap_rxtx-state 11(DN search)
[751] fnbamd_ldap_build_dn_search_req-base:'dc=test\2C dc=lab' filter:sAMAccountName=xxxx
[981] __ldap_rxtx-state 12(DN search resp)
[1127] __fnbamd_ldap_read-Read 8
[1127] __fnbamd_ldap_read-Read 94
[1307] fnbamd_ldap_recv-Response len: 96, svr: x.x.x.x
[988] fnbamd_ldap_parse_response-Got one MESSAGE. ID:2, type:search-result
[1010] fnbamd_ldap_parse_response-Error 34(0000208F: LdapErr: DSID-0C090A90, comment: Error processing name, data 0, v4563)
[1023] fnbamd_ldap_parse_response-ret=34
An LDAP error code is a result code indicating that something went wrong.
Error LDAP 34: Invalid syntax for DN
Check the DN syntax in the LDAP configuration.
Example:
# config user ldap
    edit "LDAP_Server"
        set server "X.X.X.X"
        set cnid "sAMAccountName"
        set dn "dc=test, dc=lab"                <----- Additional space after the comma; set dn to 'dc=test,dc=lab'.
    next
end
Refer to https://tools.ietf.org/html/rfc2253 for UTF-8 String Representation of Distinguished Names.
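The check described above can be run over a saved fnbamd debug capture. The following is an added example, not Fortinet code: it pairs each 'fnbamd_ldap_parse_response-Error' line with the search base logged before it and flags the DN features visible in this article's log. The function names, the result-code table and the two DN heuristics are assumptions of this example; the sample input is constructed from the log lines quoted above.

```python
import re

# Constructed sample: the fnbamd debug lines quoted in this article.
SAMPLE = r"""[751] fnbamd_ldap_build_dn_search_req-base:'dc=test\2C dc=lab' filter:sAMAccountName=xxxx
[988] fnbamd_ldap_parse_response-Got one MESSAGE. ID:2, type:search-result
[1010] fnbamd_ldap_parse_response-Error 34(0000208F: LdapErr: DSID-0C090A90, comment: Error processing name, data 0, v4563)
[1023] fnbamd_ldap_parse_response-ret=34"""

# Result-code names from RFC 4511; 34 is the one this article covers.
RESULT_NAMES = {32: "noSuchObject", 34: "invalidDNSyntax", 49: "invalidCredentials"}

BASE_RE = re.compile(r"fnbamd_ldap_build_dn_search_req-base:'([^']*)'")
ERROR_RE = re.compile(r"fnbamd_ldap_parse_response-Error (\d+)\((.*)\)")

def dn_findings(base):
    """Heuristic checks (assumptions of this example) on a logged search base."""
    findings = []
    if re.search(r"\\2c", base, re.IGNORECASE):
        findings.append("comma sent hex-escaped (\\2C): it is part of a value, not an RDN separator")
    if re.search(r"(,|\\2c)\s+\w+=", base, re.IGNORECASE):
        findings.append("whitespace after a comma, before the next attribute type")
    return findings

def diagnose(log_text):
    """Pair each LDAP error line with the most recent search base seen before it."""
    base, results = None, []
    for line in log_text.splitlines():
        m = BASE_RE.search(line)
        if m:
            base = m.group(1)
            continue
        m = ERROR_RE.search(line)
        if m:
            code = int(m.group(1))
            results.append({
                "code": code,
                "name": RESULT_NAMES.get(code, "unknown"),
                "server_detail": m.group(2),
                "base": base,
                "dn_findings": dn_findings(base) if base and code == 34 else [],
            })
    return results

if __name__ == "__main__":
    for r in diagnose(SAMPLE):
        print(r["code"], r["name"], repr(r["base"]), r["dn_findings"])
```

An empty dn_findings list for a code 34 entry means the base DN needs manual review against the RFC, since the heuristics only cover the pattern shown in this article.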
