
Solved: How do I fix LDAP error message ‘fnbamd_ldap_parse_response-Error 10’?

This article describes how to resolve LDAP Error Code 10 – ‘fnbamd_ldap_parse_response-Error 10’

Solution

The LDAP server is configured as below


When the credentials are tested with debug enabled as below, LDAP error code 10 appears in the debug logs:

# diagnose debug enable
# diagnose debug application fnbamd 255
# diagnose test authserver ldap Test-LDAP AD.local\asmith Password1

[1906] handle_req-Rcvd auth req 2072354468 for AD.local\asmith in Test-LDAP opt=0000001b prot=0
[466] __compose_group_list_from_req-Group 'Test-LDAP ', type 1
[616] fnbamd_pop3_start-johndoe
[989] __fnbamd_cfg_get_ldap_list_by_server-
[995] __fnbamd_cfg_get_ldap_list_by_server-Loaded LDAP server 'Test-LDAP '
[1150] fnbamd_cfg_get_ldap_list-Total ldap servers to try: 1
[1717] fnbamd_ldap_init-search filter is: SAMAccountName=AD.local\asmith
[1727] fnbamd_ldap_init-search base is: DC=AD,DC=local\3B <----- Username and base DN for LDAP search
[1149] __fnbamd_ldap_dns_cb-Resolved Test-LDAP:192.168.1.20 to 192.168.1.20, cur stack size:1
[924] __fnbamd_ldap_get_next_addr-
[1154] __fnbamd_ldap_dns_cb-Connection starts Test-LDAP :192.168.1.20, addr 192.168.1.20
[879] __fnbamd_ldap_start_conn-Still connecting 192.168.1.20.
[633] create_auth_session-Total 1 server(s) to try
[1107] __ldap_connect-tcps_connect(192.168.0.72) is established.
[985] __ldap_rxtx-state 3(Admin Binding)
[363] __ldap_build_bind_req-Binding to 'AD.local\johndoe' <------- Admin bind
[1083] fnbamd_ldap_send-sending 37 bytes to 192.168.1.20
[1096] fnbamd_ldap_send-Request is sent. ID 1
[985] __ldap_rxtx-state 4(Admin Bind resp)
[1127] __fnbamd_ldap_read-Read 8
[1233] fnbamd_ldap_recv-Leftover 2
[1127] __fnbamd_ldap_read-Read 14
[1306] fnbamd_ldap_recv-Response len: 16, svr: 192.168.1.20
[987] fnbamd_ldap_parse_response-Got one MESSAGE. ID:1, type: bind
[1023] fnbamd_ldap_parse_response-ret=0 <-------- Admin bind successful
[1052] __ldap_rxtx-Change state to 'DN search'
[985] __ldap_rxtx-state 11(DN search)
[750] fnbamd_ldap_build_dn_search_req-base:'DC=AD,DC=local\3B' filter:SAMAccountName=AD.local\asmith <--------Next step
[1083] fnbamd_ldap_send-sending 79 bytes to 192.168.1.20
[1096] fnbamd_ldap_send-Request is sent. ID 2
[985] __ldap_rxtx-state 12(DN search resp)
[1127] __fnbamd_ldap_read-Read 8
[1233] fnbamd_ldap_recv-Leftover 2
[1127] __fnbamd_ldap_read-Read 136
[1306] fnbamd_ldap_recv-Response len: 138, svr: 192.168.1.20
[987] fnbamd_ldap_parse_response-Got one MESSAGE. ID:2, type:search-result
[1009] fnbamd_ldap_parse_response-Error 10(0000202B: RefErr: DSID-03100808, data 0, 1 access points ref 1: 'AD.local;'

The symptoms after configuring the LDAP server are that ‘Test Connectivity’ succeeds but ‘Test user credentials’ fails, and when the admin tries to pull users from the LDAP directory, the attempt is unsuccessful.

This issue occurs because of an invalid base DN in the LDAP configuration on the FortiGate, which could be a typo or a non-existent base DN. Therefore, make sure that the LDAP configuration is correct.

In the above example, a semi-colon (;) was mistakenly typed after ‘dc=local’ while configuring the DN. This is evident from the fnbamd debug log snippet below, where ‘3B’ is the hexadecimal code for a semi-colon.

fnbamd_ldap_init-search base is: DC=AD,DC=local\3B

Removing the semi-colon from the configuration fixes the error message. The user is successfully able to authenticate, and user data can also be pulled from the LDAP server.
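The check described above can be automated. The following is an added example, not part of the original article or any Fortinet tooling: it extracts the search base from saved fnbamd debug text, decodes hex escapes such as `\3B`, and flags RDN values that contain DN special characters. The function names and the sample log are constructed for illustration, and the character check is a heuristic that flags values for review.

```python
import re

# Constructed sample: three lines taken from the debug output in this article.
SAMPLE_LOG = r"""
[1717] fnbamd_ldap_init-search filter is: SAMAccountName=AD.local\asmith
[1727] fnbamd_ldap_init-search base is: DC=AD,DC=local\3B <----- Username and base DN for LDAP search
[1009] fnbamd_ldap_parse_response-Error 10(0000202B: RefErr: DSID-03100808, data 0, 1 access points ref 1: 'AD.local;'
"""

BASE_RE = re.compile(r"fnbamd_ldap_init-search base is:\s*(\S.*?)\s*(?:<-+.*)?$", re.M)
ERR_RE = re.compile(r"fnbamd_ldap_parse_response-Error (\d+)")
HEX_ESC = re.compile(r"\\([0-9A-Fa-f]{2})")
SUSPECT = set(';,+"\\<>=#')  # characters that need escaping inside a DN value

def decode_dn(dn):
    """Replace hex escapes such as \\3B with the character they stand for."""
    return HEX_ESC.sub(lambda m: chr(int(m.group(1), 16)), dn)

def check_base_dn(dn):
    """Return review notes for each RDN of a base DN as printed by fnbamd."""
    notes = []
    for rdn in re.split(r"(?<!\\),", dn):  # split on unescaped commas only
        attr, sep, value = decode_dn(rdn).partition("=")
        if not sep or not attr.strip() or not value:
            notes.append(f"malformed RDN {rdn!r}")
            continue
        bad = sorted(SUSPECT.intersection(value))
        if bad or value != value.strip():
            notes.append(f"{attr}={value!r} contains {bad or 'stray whitespace'}")
    return notes

def analyze(log):
    """Pull the search base and LDAP result codes out of fnbamd debug text."""
    m = BASE_RE.search(log)
    base = m.group(1) if m else None
    return {
        "base_dn": base,
        "decoded": decode_dn(base) if base else None,
        "notes": check_base_dn(base) if base else [],
        "referral": "10" in ERR_RE.findall(log),  # LDAP result code 10 = referral
    }

if __name__ == "__main__":
    print(analyze(SAMPLE_LOG))
```

A legitimately escaped character in an OU or CN value is also flagged, so treat each note as a prompt to compare the configured DN with the directory.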

Alex Lim is a certified IT Technical Support Architect with over 15 years of experience in designing, implementing, and troubleshooting complex IT systems and networks. He has worked for leading IT companies, such as Microsoft, IBM, and Cisco, providing technical support and solutions to clients across various industries and sectors. Alex has a bachelor’s degree in computer science from the National University of Singapore and a master’s degree in information security from the Massachusetts Institute of Technology. He is also the author of several best-selling books on IT technical support, such as The IT Technical Support Handbook and Troubleshooting IT Systems and Networks. Alex lives in Bandar, Johore, Malaysia with his wife and two children. You can reach him at [email protected] or follow him on Website | Twitter | Facebook
