This article describes how to troubleshoot a FortiMail that fails to sync with the LDAP server.
Scope
FortiMail.
Solution
Step 1: Make sure the FortiMail can reach the LDAP server over port 389 (LDAP) or port 636 (LDAPS).
Step 2: Check whether the following entry is generated in the system event log:
ldapcached: type=User, file=QueryFactory.cpp, line=561, exception=LDAPException( 4 ) , Connection.cpp:470, 'Error: 'Invalid credentials' during bind to ldap://[LDAP IP]:389/'LDAPException( 4 ) , Connection.cpp:508,
Step 3: Run a packet capture on the FortiMail and reproduce the issue. If a similar error is visible in the pcap file, like the screenshot below, the LDAP bind account credential configured in the FortiMail is not correct.
Step 4: Go to Profile > LDAP > LDAP profile > Default Bind Option and make sure the LDAP bind account is configured correctly.
Step 5: The LDAP sync should work once the LDAP bind account credential is configured correctly in the FortiMail.
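
For Step 3, in a cleartext capture on port 389 the failed bind appears as an LDAP BindResponse with resultCode 49 (invalidCredentials in RFC 4511); on port 636 the payload is encrypted and cannot be read this way. The Python below is an added example, not Fortinet code: it decodes a BindResponse from a TCP payload taken out of the pcap, and its function names and sample payloads are constructed for illustration.

```python
# Added example: decode an LDAP BindResponse (RFC 4511) from a TCP payload.
# Works on cleartext LDAP (port 389) only; LDAPS (636) payloads are encrypted.
RESULT_NAMES = {0: "success", 49: "invalidCredentials"}  # subset of RFC 4511

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the BER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated BER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long form: low bits = octet count
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated BER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated BER value")
    return tag, buf[pos:pos + length], pos + length

def parse_bind_response(payload):
    """Return the bind result as a dict, or None if not a BindResponse."""
    tag, message, _ = read_tlv(payload, 0)
    if tag != 0x30:                        # LDAPMessage ::= SEQUENCE
        raise ValueError("not an LDAPMessage")
    tag, message_id, pos = read_tlv(message, 0)
    if tag != 0x02:                        # messageID INTEGER
        raise ValueError("missing messageID")
    tag, op, _ = read_tlv(message, pos)
    if tag != 0x61:                        # [APPLICATION 1] = BindResponse
        return None
    tag, code, pos = read_tlv(op, 0)       # resultCode ENUMERATED
    if tag != 0x0A:
        raise ValueError("missing resultCode")
    _, matched_dn, pos = read_tlv(op, pos) # matchedDN, unused here
    _, diagnostic, _ = read_tlv(op, pos)   # diagnosticMessage
    rc = int.from_bytes(code, "big")
    return {"message_id": int.from_bytes(message_id, "big"), "result_code": rc,
            "result_name": RESULT_NAMES.get(rc, "other"),
            "diagnostic": diagnostic.decode("utf-8", "replace")}

def tlv(tag, value):                       # encoder for the constructed samples
    return bytes([tag, len(value)]) + value

# Constructed sample payloads (not taken from a real capture).
BAD_BIND = tlv(0x30, tlv(0x02, b"\x02") + tlv(0x61, tlv(0x0A, b"\x31")
               + tlv(0x04, b"") + tlv(0x04, b"constructed diagnostic")))
GOOD_BIND = tlv(0x30, tlv(0x02, b"\x03") + tlv(0x61, tlv(0x0A, b"\x00")
                + tlv(0x04, b"") + tlv(0x04, b"")))
```

A `result_name` of `invalidCredentials` for the bind sent by the FortiMail confirms that the bind DN or password in the LDAP profile needs correcting (Step 4).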