Invalid LDAP server: Timed out |and | Invalid LDAP server: Can't contact LDAP server

Author: lecarbajal
2017/04/26 09:36:41

Hi,
 
We have a FortiGate 100C running 5.4 code. We want to set up a secondary LDAP server (backup) for SSL users; when we try to connect to the LDAP server (over a VPN tunnel) we get the below error message:
 
Invalid LDAP server: Timed out |and | Invalid LDAP server: Can't contact LDAP server
 
We are not blocking the traffic (all ports/IPs permitted). What could be the problem? I tried to reach the server from the firewall, but I need to specify a source IP, otherwise the ping does not work.
 
thank you,
#1


    Jeff_FTNT
    Re: Invalid LDAP server: Timed out |and | Invalid LDAP server: Can't contact LDAP server 2017/05/04 11:44:03
    You may need to increase the LDAP timeout. The default value is 500 milliseconds.
    config system global
    set ldapconntimeout xxx
    end
    #2
    andmag
    Re: Invalid LDAP server: Timed out |and | Invalid LDAP server: Can't contact LDAP server 2017/05/11 02:02:00
    Hi!
     
    The FG uses the public IP of your WAN interface, so you need to put that in the crypto for the VPN tunnel. Don't forget the host/subnet for the LDAP server on the remote side :)
     
    #3
    emnoc
    Re: Invalid LDAP server: Timed out |and | Invalid LDAP server: Can't contact LDAP server 2017/05/11 20:46:52
    Negative, you don't have to do that. Just apply the source IP address that's allowed over the VPN tunnel.
     
    e.g.
    config user ldap
        edit "TESTAD"
            set server "10.12.1.1"
            set secondary-server ''
            set tertiary-server ''
            set source-ip 10.10.10.1
            set cnid "cn"
            set dn ''
            set type simple
            set group-member-check user-attr
            set secure disable
            set port 389
            set password-expiry-warning disable
            set password-renewal disable
            set member-attr "memberOf"
            unset search-type
        next
    end
     
     
    In this case 10.0.10.1 would be my FortiGate inside LAN address, loopback, etc.
     
    Ken

    PCNSE 
    NSE 
    StrongSwan  
    #4
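    The two error strings in this thread map onto two different socket outcomes: "Timed out" means the TCP connection (or the bind reply) never came back within ldapconntimeout, while "Can't contact LDAP server" means the connect itself failed outright. The probe below, added here as an illustration and not code from this thread or from Fortinet, reproduces what the FortiGate does: it connects from a chosen source address (the role of `set source-ip` in Ken's config) under a short timeout (the role of ldapconntimeout, 500 ms by default as Jeff_FTNT notes), then sends a hand-encoded anonymous LDAPv3 BindRequest and reads the resultCode. The BER bytes follow RFC 4511; the local "fake LDAP" listener and all addresses are constructed so the script runs offline. It only checks reachability of the LDAP port, not whether your DN or credentials are right.

```python
"""Probe an LDAP server the way the FortiGate does: TCP connect from a chosen
source IP under a short timeout, then an anonymous LDAPv3 bind.  The fake
listener below is a constructed stand-in for a real directory server."""
import socket
import threading
import time

# Hand-encoded BER per RFC 4511:
# LDAPMessage{messageID=1, BindRequest{version=3, name="", simple=""}}
ANON_BIND_REQUEST = bytes([
    0x30, 0x0c,              # SEQUENCE, 12 bytes follow
    0x02, 0x01, 0x01,        # INTEGER messageID = 1
    0x60, 0x07,              # [APPLICATION 0] BindRequest, 7 bytes follow
    0x02, 0x01, 0x03,        # INTEGER version = 3
    0x04, 0x00,              # OCTET STRING name = "" (anonymous)
    0x80, 0x00,              # [CONTEXT 0] simple password = ""
])


def bind_response(result_code: int) -> bytes:
    """Encode LDAPMessage{messageID=1, BindResponse{resultCode, "", ""}}."""
    return bytes([
        0x30, 0x0c,
        0x02, 0x01, 0x01,
        0x61, 0x07,                  # [APPLICATION 1] BindResponse
        0x0a, 0x01, result_code,     # ENUMERATED resultCode (0 = success, 49 = invalidCredentials)
        0x04, 0x00,                  # matchedDN = ""
        0x04, 0x00,                  # diagnosticMessage = ""
    ])


def parse_bind_result(data: bytes) -> int:
    """Return the resultCode of a BindResponse (short-form BER lengths only)."""
    if len(data) < 2 or data[0] != 0x30:
        raise ValueError("not an LDAPMessage SEQUENCE")
    i = 2                            # past SEQUENCE tag + length
    if data[i] != 0x02:
        raise ValueError("missing messageID")
    i += 2 + data[i + 1]             # skip the INTEGER TLV
    if data[i] != 0x61:
        raise ValueError("not a BindResponse")
    i += 2                           # past BindResponse tag + length
    if data[i] != 0x0a or data[i + 1] != 0x01:
        raise ValueError("missing resultCode")
    return data[i + 2]


def probe_ldap(server, port=389, source_ip=None, timeout=0.5):
    """("ok", resultCode) on a completed bind, else (reason, None).
    source_ip mirrors `set source-ip`; timeout (seconds) mirrors ldapconntimeout."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        if source_ip:
            sock.bind((source_ip, 0))      # leave with the address the tunnel allows
        sock.connect((server, port))
        sock.sendall(ANON_BIND_REQUEST)
        reply = sock.recv(1024)
        if not reply:
            return ("Can't contact LDAP server: connection closed", None)
        return ("ok", parse_bind_result(reply))
    except socket.timeout:                 # connect or reply exceeded the timeout
        return ("Timed out", None)
    except OSError as exc:                 # refused, unreachable, bind failure, ...
        return ("Can't contact LDAP server: %s" % (exc.strerror or exc), None)
    finally:
        sock.close()


def start_fake_ldap(response=bind_response(0), hang=False):
    """One-shot local listener (constructed for the demo).  hang=True accepts
    but never answers, which is how a filtered path looks to the probe."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)

    def serve():
        conn, _ = srv.accept()
        with conn:
            conn.recv(1024)
            if hang:
                time.sleep(2)
            else:
                conn.sendall(response)
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()               # (host, port)


def unused_port() -> int:
    """Pick a local TCP port nothing is listening on (constructed for the demo)."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind(("127.0.0.1", 0))
    port = s.getsockname()[1]
    s.close()
    return port


if __name__ == "__main__":
    host, port = start_fake_ldap()
    print("healthy server:", probe_ldap(host, port, source_ip="127.0.0.1"))
    host, port = start_fake_ldap(bind_response(49))
    print("bad credentials:", probe_ldap(host, port))
    host, port = start_fake_ldap(hang=True)
    print("no answer:", probe_ldap(host, port, timeout=0.3))
    print("closed port:", probe_ldap("127.0.0.1", unused_port()))
```

    Run it against the real server from a host on the inside LAN with `source_ip` set to the address the tunnel's traffic selector covers: "Timed out" points at the path (selector, routing, or a too-short ldapconntimeout), "Can't contact" at the port or host itself, and a bind that completes with resultCode 49 tells you the transport is fine and only the DN or credentials need attention.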
    akatzkac
    Re: Invalid LDAP server: Timed out |and | Invalid LDAP server: Can't contact LDAP server 2017/06/26 14:24:04
    Emnoc's source-ip assignment did the trick for me.
    #5
    mfmsgk
    Re: Invalid LDAP server: Timed out |and | Invalid LDAP server: Can't contact LDAP server 2018/05/03 03:37:58
    Hello,

    I have an issue with my LDAP setup. Initially everything was working and successful, and on the second day it's giving an error TIMED OUT. What do you think can cause the issue?

    Fortigate 90D
    #6
    shehab
    Re: Invalid LDAP server: Timed out |and | Invalid LDAP server: Can't contact LDAP server 2020/06/11 13:51:12
    I know it's a bit old, but I have a better answer for this for newcomers.
     
    The problem is not related to the timeout, because the LDAP server is 1 ms away from the FortiGate.
    It's not related to source-ip either, because I built a simple scenario and got the same error, even without the VPN tunnel.
     
    The solution was in the Distinguished Name.
     
    And by the way, there is a misunderstanding here about the DN: it's where you want the FortiGate to start searching for the users. Make sure you define it correctly.
     
    Regards,
    Mahmood
    #7