
How to Rectify LDAP Test Indicates Success but Authentication Fails with Active Directory

This article describes how to troubleshoot LDAP authentication that fails even though the LDAP Test in FortiEDR Central Manager reports Success.

Scope

FortiEDR.

Solution

LDAP authentication lets FortiEDR Central Manager authenticate users against Active Directory when they log in, and maps their Active Directory group membership to Central Manager roles.

Sometimes the LDAP test indicates 'Success', but LDAP authentication still fails for a user whose credentials are correct.

Below are sample outputs when the LDAP test indicates 'Success' but the authentication fails.

The cause is a mismatch in the LDAP group settings, either in the Role/Group mapping in FortiEDR Central Manager or in the group itself on the Active Directory server. A passing LDAP Test only shows that Central Manager can reach and bind to the directory; it does not prove that the user belongs to a group that the Role/Group mapping recognizes.

Follow these steps to rectify the LDAP authentication issue:

Step 1: Verify the LDAP group configuration in Active Directory.

Step 2: Check the group membership of the user in Active Directory.

Step 3: In Role/Group mapping, the group must be specified by its LDAP group DN (distinguished name). In the failing configuration it is specified only by the group name.

Step 4: To find the LDAP group DN, run dsquery group -name "Group_Name" on the Active Directory server; the command prints the group's DN. If the LDAP group does not exist yet, create it first.

Step 5: Update the Group setting in the Role/Group mapping to the LDAP group DN obtained in Step 4.

Step 6: Save the change and log in again with the credentials of an LDAP user who is a member of the mapped LDAP group.

Step 7: Once the login is successful, download the audit log under Administration > Tools > Audit Trail to confirm that the LDAP user logged in to the system.
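The following PowerShell script is an added example, not part of the FortiEDR article, that gathers what Steps 1 to 4 ask for on a domain controller and flags the misconfiguration described in Step 3. It assumes the ActiveDirectory module (RSAT) is available; the group name FortiEDR-Admins, the user jdoe and the mapping value are placeholders to replace with your own.

```powershell
# Added example (not from the FortiEDR article): resolve the real group DN,
# confirm the user's membership, and detect a Role/Group mapping that holds only
# the bare group name instead of the DN. Names below are placeholders.
Import-Module ActiveDirectory

$GroupName         = 'FortiEDR-Admins'   # placeholder: AD group mapped to a FortiEDR role
$UserName          = 'jdoe'              # placeholder: sAMAccountName of the user who cannot log in
$ConfiguredMapping = 'FortiEDR-Admins'   # placeholder: value currently set in Role/Group mapping

# Step 1 / Step 4: locate the group and read its distinguished name.
$group = Get-ADGroup -Filter "Name -eq '$GroupName'"
if (-not $group) {
    throw "Group '$GroupName' not found in Active Directory; create it first (Step 4)."
}
Write-Host "Group DN : $($group.DistinguishedName)"

# Same lookup with the tool the article names; dsquery prints the quoted DN.
dsquery group -name $GroupName

# Step 2: confirm the user is a member, including through nested groups.
$member = Get-ADGroupMember -Identity $group -Recursive |
          Where-Object { $_.objectClass -eq 'user' -and $_.SamAccountName -eq $UserName }
if ($member) {
    Write-Host "OK       : $UserName is a member of $GroupName"
} else {
    Write-Warning "$UserName is NOT a member of $GroupName; fix the membership (Step 2)."
}

# Step 3: a DN starts with an attribute such as CN=, OU= or DC=; a bare name does not.
if ($ConfiguredMapping -notmatch '^(CN|OU|DC)=') {
    Write-Warning "Mapping '$ConfiguredMapping' is a bare group name; set it to the DN: $($group.DistinguishedName)"
} elseif ($ConfiguredMapping -ne $group.DistinguishedName) {
    Write-Warning "Mapping DN does not match Active Directory; expected: $($group.DistinguishedName)"
} else {
    Write-Host "OK       : Role/Group mapping uses the correct group DN"
}
```

Run it in an elevated PowerShell session on a domain controller or a management host with RSAT installed. Paste the printed Group DN into the Role/Group mapping (Step 5), then repeat the login and the Audit Trail check (Steps 6 and 7).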