Created on 02-04-2024 10:29 PM
Edited on 02-07-2024 11:05 PM
By Jean-Philippe_P
Description | This article describes how to use CLI commands to apply LDAP-related configuration on the secondary FortiManager. |
Scope | FortiManager v7.2 and v7.4. |
Solution |
By FortiManager HA design, the LDAP-related configuration of the primary FortiManager is not synchronized to the secondary FortiManager.
This is because FortiManager high availability supports geographic redundancy, so the primary and secondary units can be in different locations. The design therefore allows for different authentication servers, located at different sites, to be used by each unit.
This configuration cannot be modified in the GUI of the secondary FortiManager.
Scenario 1: An LDAP server has been created on the primary FortiManager, and it is not synchronized to the secondary FortiManager.
On the primary FortiManager, run the following CLI commands and copy the commands shown:
config system admin ldap
show
Scenario 2: An LDAP administrator user has been created on the primary FortiManager, and it is not synchronized to the secondary FortiManager.
On the primary FortiManager, run the following CLI commands and copy the commands shown:
config system admin user
show
OR:
config system admin user
edit <LDAP User Account Name>
show
Related articles:
Technical Tip: LDAP: Using Active Directory Nested Groups to authorize system administrators |