This article describes when LDAP authentication fails although LDAP Test indicates Success.
Scope
FortiEDR.
Solution
LDAP authentication integrates with Active Directory and authenticates users to log in to FortiEDR Central Manager.
Sometimes, the LDAP test indicates ‘Success,’ but the LDAP authentication fails with correct user credentials.
Below are sample outputs when the LDAP test indicates ‘Success,’ but the authentication fails.
The issue happens with the LDAP group settings either in FortiEDR Central Manager or the Active Directory server.
Follow these steps to rectify the LDAP authentication issue:
Step 1: Verify the LDAP group configuration in Active Directory.
Step 2: Check the group membership of the user in the Active Directory.
Step 3: In Role/Group mapping, the group must be set up using the LDAP group DN, but the current setting uses only the LDAP group name.
Step 4: To check the LDAP group DN, run ‘dsquery group -name ‘Group_Name” to identify the correct DN on the Active Directory server. If the LDAP group is not created yet, create the group first.
Step 5: Update the Group settings to the LDAP group DN from Step 4:
Step 6: Save the change and log in again with LDAP user credentials under the LDAP groups:
Step 7: Once the login is successful, download the audit log under Administration > Tools > Audit Trail, to confirm the LDAP user logged into the system
