LDAP Authentication Configuration and Troubleshooting

Configuring LDAP Authentication

  1. Configure interface addresses and routes

    Use ping to verify connectivity between the FortiGate and the LDAP server. The test environment uses Windows AD as the LDAP server, at address 192.168.91.208.

    # execute ping 192.168.91.208
    PING 192.168.91.208 (192.168.91.208): 56 data bytes
    64 bytes from 192.168.91.208: icmp_seq=0 ttl=127 time=0.3 ms
    64 bytes from 192.168.91.208: icmp_seq=1 ttl=127 time=0.2 ms
    64 bytes from 192.168.91.208: icmp_seq=2 ttl=127 time=0.2 ms
    64 bytes from 192.168.91.208: icmp_seq=3 ttl=127 time=0.2 ms
    64 bytes from 192.168.91.208: icmp_seq=4 ttl=127 time=0.2 ms
    
    --- 192.168.91.208 ping statistics ---
    5 packets transmitted, 5 packets received, 0% packet loss
    round-trip min/avg/max = 0.2/0.2/0.3 ms
    
  2. Configure LDAP

    Go to "User & Authentication" --> LDAP and click "Create New".

    Configuration parameters:

    Name: any name that does not conflict with an existing one;

    Server IP/Name: the IP address of the LDAP server;

    Server Port: the LDAP communication port, TCP 389 by default;

    Common Name Identifier: the attribute of the LDAP object that the FortiGate uses to identify the connecting user. A Windows AD domain uses sAMAccountName, OpenLDAP uses uid. A Windows AD domain is used here;

    Distinguished Name: the starting point for looking up user account entries on the LDAP server; it reflects the LDAP hierarchy above the CN identifier being searched. Enter dc=fortibj,dc=com to specify the domain root that contains all objects; enter ou=tac,dc=fortibj,dc=com to search only the users under that organizational unit;

    Bind Type: select Regular, which binds with the supplied username and password and then searches recursively through the subtree starting at the DN;

    Username: supported formats are, format 1: CN=Administrator,CN=Users,DC=fortibj,DC=com; format 2: Administrator@fortibj.com. The full DN of the bind account can be looked up on the AD server with dsquery:

    C:\Users\Administrator>dsquery user -name administrator
    "CN=Administrator,CN=Users,DC=fortibj,DC=com"
    

    Password: the password of the bind user;

    Click "OK" to finish the configuration.

    The corresponding CLI configuration is:

    config user ldap
        edit "LDAP208"
            set server "192.168.91.208"
            set cnid "sAMAccountName"
            set dn "dc=fortibj,dc=com"
            set type regular
            set username "CN=Administrator,CN=Users,DC=fortibj,DC=com"
            set password xxxxxxxx
        next
    end
    
  3. Browse the LDAP directory structure

    When the LDAP configuration is correct, click "Browse" to view the LDAP directory tree.

LDAP Server Tests

  1. Connectivity test between the FortiGate and the LDAP server

    In the GUI, edit the LDAP server configuration and click "Test connectivity".

    CLI syntax for testing connectivity:

    # diagnose test authserver ldap-direct [IP] [port number]

    CLI syntax for testing whether a username and password are correct:

    # diagnose test authserver ldap <server_name> <username> <password>

    • If the connection status is "Successful", communication between the FortiGate and the LDAP server is working.

      The corresponding CLI test result:

      # diagnose test authserver ldap-direct 192.168.91.208 389
      LDAP server '192.168.91.208' status is OK
      
    • If the connection status is "Invalid credentials", the account or password configured for the LDAP server is incorrect.

      The corresponding command line:

      # diagnose test authserver ldap LDAP208 administrator Test@123456
      authenticate 'administrator' against 'LDAP208' succeeded!
      Group membership(s) - CN=Group Policy Creator Owners,CN=Users,DC=fortibj,DC=com
                            CN=Domain Admins,CN=Users,DC=fortibj,DC=com
                            CN=Enterprise Admins,CN=Users,DC=fortibj,DC=com
                            CN=Schema Admins,CN=Users,DC=fortibj,DC=com
                            CN=Remote Desktop Users,CN=Builtin,DC=fortibj,DC=com
                            CN=Administrators,CN=Builtin,DC=fortibj,DC=com
                            CN=Domain Users,CN=Users,DC=fortibj,DC=com
      
    • If the connection status is "Can't contact LDAP server", the LDAP server is unreachable.

      The corresponding CLI test result:

      # diagnose test authserver ldap-direct 192.168.91.208 389
      LDAP server '192.168.91.208' status is Server unreachable
      
  2. Test a user and password on the LDAP server

    In the GUI, edit the LDAP server configuration and click "Test user credentials".

    CLI syntax:

    # diagnose test authserver ldap <server_name> <username> <password>

    • Wrong username or password

      The corresponding CLI test result is:

      # diagnose test authserver ldap LDAP208 user1 123456
      authenticate 'user1' against 'LDAP208' failed!
      
    • Correct username and password

      The corresponding CLI test result is below; the CLI also shows the groups that user1 belongs to.

      # diagnose test authserver ldap LDAP208 user1 Pass@123456
      authenticate 'user1' against 'LDAP208' succeeded!
      Group membership(s) - CN=grp1,CN=Users,DC=fortibj,DC=com
                            CN=Domain Users,CN=Users,DC=fortibj,DC=com
      

Other LDAP Configuration Parameters

  1. Change the LDAP port

    config user ldap
        edit LDAP208
            set port xx
        next
    end
    
  2. Specify the source IP address

    config user ldap
        edit LDAP208
            set source-ip x.x.x.x
        next
    end
    

Creating an LDAP User

  1. Go to "User & Authentication" --> "User Definition" and click "Create New"

  2. Select LDAP User and click "Next"

  3. Select the LDAP server configured earlier and click "Next"

  4. Add user1 here: right-click user1 and click "Add Selected"

    Click "Selected" to review the selected users; once confirmed, click "Submit".

  5. The LDAP user is created

Creating an LDAP User Group

  1. Go to "User & Authentication" --> "User Groups" and click "Create New"

  2. Configure LDAP

    Set the FortiGate user group name to group1. Under Remote Groups, click "Add" and select the remote server configured earlier; the directory tree is displayed automatically. Locate the group to add, here grp1, right-click it and choose "Add Selected". group1 then matches the users in the remote LDAP group grp1. Several groups can be added: if grp2 is added as well, group1 matches the users in both remote LDAP groups grp1 and grp2.

    Click "Selected" to review the selected groups; once confirmed, click "OK".

  3. Click OK

  4. Configuration complete

Note: if no remote group is selected in group1, group1 matches every user under the DN configured for the LDAP server.

LDAP Authentication Debug

Successful Authentication

  1. Prepare the username to look up (user1) and the base DN.

    # diagnose debug application fnbamd -1
    # diagnose debug enable
    
    [1906] handle_req-Rcvd auth req 730526726 for user1 in LDAP208 opt=0000001b prot=0
    [466] __compose_group_list_from_req-Group 'LDAP208', type 1
    [616] fnbamd_pop3_start-user1
    [989] __fnbamd_cfg_get_ldap_list_by_server-
    [995] __fnbamd_cfg_get_ldap_list_by_server-Loaded LDAP server 'LDAP208'
    [1150] fnbamd_cfg_get_ldap_list-Total ldap servers to try: 1
    
    [1717] fnbamd_ldap_init-search filter is: sAMAccountName=user1
    [1727] fnbamd_ldap_init-search base is: dc=fortibj,dc=com
    
    [1149] __fnbamd_ldap_dns_cb-Resolved LDAP208:192.168.91.208 to 192.168.91.208, cur stack size:1
    [924] __fnbamd_ldap_get_next_addr-
    [1154] __fnbamd_ldap_dns_cb-Connection starts LDAP208:192.168.91.208, addr 192.168.91.208
    [879] __fnbamd_ldap_start_conn-Still connecting 192.168.91.208.
    [633] create_auth_session-Total 1 server(s) to try
    [1107] __ldap_connect-tcps_connect(192.168.91.208) is established.
    
  2. Bind with the LDAP administrator account.

    [985] __ldap_rxtx-state 3(Admin Binding)
    [363] __ldap_build_bind_req-Binding to 'CN=Administrator,CN=Users,DC=fortibj,DC=com'
    [1083] fnbamd_ldap_send-sending 69 bytes to 192.168.91.208
    [1096] fnbamd_ldap_send-Request is sent. ID 1
    
    [985] __ldap_rxtx-state 4(Admin Bind resp)
    [1127] __fnbamd_ldap_read-Read 8
    [1233] fnbamd_ldap_recv-Leftover 2
    [1127] __fnbamd_ldap_read-Read 14
    [1306] fnbamd_ldap_recv-Response len: 16, svr: 192.168.91.208
    [987] fnbamd_ldap_parse_response-Got one MESSAGE. ID:1, type:bind
    response-ret=0    // bind succeeded
    [1023] fnbamd_ldap_parse_response-ret=0
    
  3. Search for the DN of user1.

    [1052] __ldap_rxtx-Change state to 'DN search'
    [985] __ldap_rxtx-state 11(DN search)
    [750] fnbamd_ldap_build_dn_search_req-base:'dc=fortibj,dc=com' filter:sAMAccountName=user1
    [1083] fnbamd_ldap_send-sending 73 bytes to 192.168.91.208
    [1096] fnbamd_ldap_send-Request is sent. ID 2
    
    [985] __ldap_rxtx-state 12(DN search resp)
    [1127] __fnbamd_ldap_read-Read 8
    [1233] fnbamd_ldap_recv-Leftover 2
    [1127] __fnbamd_ldap_read-Read 51
    [1306] fnbamd_ldap_recv-Response len: 53, svr: 192.168.91.208
    [987] fnbamd_ldap_parse_response-Got one MESSAGE. ID:2, type:search-entry
    
  4. The search succeeds; the DN of user1 is CN=xiaoming,OU=TAC,DC=fortibj,DC=com.

    response-ret=0    // search succeeded; the DN of user1 is CN=xiaoming,OU=TAC,DC=fortibj,DC=com
    [1023] fnbamd_ldap_parse_response-ret=0
    [1225] __fnbamd_ldap_dn_entry-Get DN 'CN=xiaoming,OU=TAC,DC=fortibj,DC=com'
    
    [1127] __fnbamd_ldap_read-Read 8
    [1233] fnbamd_ldap_recv-Leftover 2
    [1127] __fnbamd_ldap_read-Read 78
    [1306] fnbamd_ldap_recv-Response len: 80, svr: 192.168.91.208
    [987] fnbamd_ldap_parse_response-Got one MESSAGE. ID:2, type:search-reference
    [1023] fnbamd_ldap_parse_response-ret=0
    [1127] __fnbamd_ldap_read-Read 8
    [1233] fnbamd_ldap_recv-Leftover 2
    [1127] __fnbamd_ldap_read-Read 78
    [1306] fnbamd_ldap_recv-Response len: 80, svr: 192.168.91.208
    [987] fnbamd_ldap_parse_response-Got one MESSAGE. ID:2, type:search-reference
    [1023] fnbamd_ldap_parse_response-ret=0
    [1127] __fnbamd_ldap_read-Read 8
    [1233] fnbamd_ldap_recv-Leftover 2
    [1127] __fnbamd_ldap_read-Read 62
    [1306] fnbamd_ldap_recv-Response len: 64, svr: 192.168.91.208
    [987] fnbamd_ldap_parse_response-Got one MESSAGE. ID:2, type:search-reference
    [1023] fnbamd_ldap_parse_response-ret=0
    [1127] __fnbamd_ldap_read-Read 8
    [1233] fnbamd_ldap_recv-Leftover 2
    [1127] __fnbamd_ldap_read-Read 14
    [1306] fnbamd_ldap_recv-Response len: 16, svr: 192.168.91.208
    [987] fnbamd_ldap_parse_response-Got one MESSAGE. ID:2, type:search-result
    [1023] fnbamd_ldap_parse_response-ret=0
    
  5. The bind request for user1 succeeds.

    [1052] __ldap_rxtx-Change state to 'User Binding'
    [985] __ldap_rxtx-state 5(User Binding)
    [596] fnbamd_ldap_build_userbind_req-Trying DN 'CN=xiaoming,OU=TAC,DC=fortibj,DC=com'
    [363] __ldap_build_bind_req-Binding to 'CN=xiaoming,OU=TAC,DC=fortibj,DC=com'
    [1083] fnbamd_ldap_send-sending 93 bytes to 192.168.91.208
    [1096] fnbamd_ldap_send-Request is sent. ID 3
    
    [985] __ldap_rxtx-state 6(User Bind resp)
    [1127] __fnbamd_ldap_read-Read 8
    [1233] fnbamd_ldap_recv-Leftover 2
    [1127] __fnbamd_ldap_read-Read 14
    [1306] fnbamd_ldap_recv-Response len: 16, svr: 192.168.91.208
    [987] fnbamd_ldap_parse_response-Got one MESSAGE. ID:3, type:bind
    
    response-ret=0 // bind succeeded
    [1023] fnbamd_ldap_parse_response-ret=0
    
  6. Query the memberOf attribute.

    [1052] __ldap_rxtx-Change state to 'Attr query'
    [985] __ldap_rxtx-state 7(Attr query)
    [649] fnbamd_ldap_build_attr_search_req-Adding attr 'memberOf'
    [661] fnbamd_ldap_build_attr_search_req-base:'CN=xiaoming,OU=TAC,DC=fortibj,DC=com' filter:cn=*
    [1083] fnbamd_ldap_send-sending 112 bytes to 192.168.91.208
    [1096] fnbamd_ldap_send-Request is sent. ID 4
    
    [985] __ldap_rxtx-state 8(Attr query resp)
    [1127] __fnbamd_ldap_read-Read 8
    [1233] fnbamd_ldap_recv-Leftover 2
    [1127] __fnbamd_ldap_read-Read 195
    [1306] fnbamd_ldap_recv-Response len: 197, svr: 192.168.91.208
    [987] fnbamd_ldap_parse_response-Got one MESSAGE. ID:4, type:search-entry
    
  7. The query succeeds; user1's group is CN=grp1,CN=Users,DC=fortibj,DC=com.

    [1023] fnbamd_ldap_parse_response-ret=0
    [556] __get_member_of_groups-Get the memberOf groups.
    [522] __retrieve_group_values-Get the memberOf groups.
    [532] __retrieve_group_values- attr='memberOf', found 1 values
    [542] __retrieve_group_values-val[0]='CN=grp1,CN=Users,DC=fortibj,DC=com'
    
    [1127] __fnbamd_ldap_read-Read 8
    [1233] fnbamd_ldap_recv-Leftover 2
    [1127] __fnbamd_ldap_read-Read 14
    [1306] fnbamd_ldap_recv-Response len: 16, svr: 192.168.91.208
    [987] fnbamd_ldap_parse_response-Got one MESSAGE. ID:4, type:search-result
    [1023] fnbamd_ldap_parse_response-ret=0
    [1305] __fnbamd_ldap_attr_next-Entering CHKPRIMARYGRP state
    
  8. Query the primary group.

    [1052] __ldap_rxtx-Change state to 'Primary group query'
    [985] __ldap_rxtx-state 13(Primary group query)
    [685] fnbamd_ldap_build_primary_grp_search_req-starting primary group check...
    [689] fnbamd_ldap_build_primary_grp_search_req-number of sub auths 5 
    [707] fnbamd_ldap_build_primary_grp_search_req-base:'dc=fortibj,dc=com' filter:(&(objectclass=group)(objectSid=\01\05\00\00\00\00\00\05\15\00\00\00\b8\17\0b\a2\b5\db\a4\d8\c0\a2\54\19\01\02\00\00))
    [1083] fnbamd_ldap_send-sending 121 bytes to 192.168.91.208
    [1096] fnbamd_ldap_send-Request is sent. ID 5
    
    [985] __ldap_rxtx-state 14(Primary group query resp)
    [1127] __fnbamd_ldap_read-Read 8
    [1233] fnbamd_ldap_recv-Leftover 2
    [1127] __fnbamd_ldap_read-Read 110
    [1306] fnbamd_ldap_recv-Response len: 112, svr: 192.168.91.208
    [987] fnbamd_ldap_parse_response-Got one MESSAGE. ID:5, type:search-entry
    
  9. The primary group is CN=Domain Users,CN=Users,DC=fortibj,DC=com.

    [1023] fnbamd_ldap_parse_response-ret=0
    [472] __get_one_group-group: CN=Domain Users,CN=Users,DC=fortibj,DC=com
    
    [1127] __fnbamd_ldap_read-Read 8
    [1233] fnbamd_ldap_recv-Leftover 2
    [1127] __fnbamd_ldap_read-Read 78
    [1306] fnbamd_ldap_recv-Response len: 80, svr: 192.168.91.208
    [987] fnbamd_ldap_parse_response-Got one MESSAGE. ID:5, type:search-reference
    [1023] fnbamd_ldap_parse_response-ret=0
    [1127] __fnbamd_ldap_read-Read 8
    [1233] fnbamd_ldap_recv-Leftover 2
    [1127] __fnbamd_ldap_read-Read 78
    [1306] fnbamd_ldap_recv-Response len: 80, svr: 192.168.91.208
    [987] fnbamd_ldap_parse_response-Got one MESSAGE. ID:5, type:search-reference
    [1023] fnbamd_ldap_parse_response-ret=0
    [1127] __fnbamd_ldap_read-Read 8
    [1233] fnbamd_ldap_recv-Leftover 2
    [1127] __fnbamd_ldap_read-Read 62
    [1306] fnbamd_ldap_recv-Response len: 64, svr: 192.168.91.208
    [987] fnbamd_ldap_parse_response-Got one MESSAGE. ID:5, type:search-reference
    [1023] fnbamd_ldap_parse_response-ret=0
    [1127] __fnbamd_ldap_read-Read 8
    [1233] fnbamd_ldap_recv-Leftover 2
    [1127] __fnbamd_ldap_read-Read 14
    [1306] fnbamd_ldap_recv-Response len: 16, svr: 192.168.91.208
    [987] fnbamd_ldap_parse_response-Got one MESSAGE. ID:5, type:search-result
    [1023] fnbamd_ldap_parse_response-ret=0
    [1433] __fnbamd_ldap_primary_grp_next-Auth accepted
    
  10. Query complete.

    [1052] __ldap_rxtx-Change state to 'Done'
    [985] __ldap_rxtx-state 23(Done)
    [1083] fnbamd_ldap_send-sending 7 bytes to 192.168.91.208
    [1096] fnbamd_ldap_send-Request is sent. ID 6
    [785] __ldap_done-svr 'LDAP208'
    [755] __ldap_destroy-
    [724] __ldap_stop-Conn with 192.168.91.208 destroyed.
    
  11. Query result.

    [2678] fnbamd_ldap_result-Result for ldap svr 192.168.91.208(LDAP208) is SUCCESS
    [401] ldap_copy_grp_list-copied CN=grp1,CN=Users,DC=fortibj,DC=com
    [401] ldap_copy_grp_list-copied CN=Domain Users,CN=Users,DC=fortibj,DC=com
    
    [2693] fnbamd_ldap_result-Skipping group matching
    [216] fnbamd_comm_send_result-Sending result 0 (nid 0) for req 730526726, len=2227
    [789] destroy_auth_session-delete session 730526726
    [755] __ldap_destroy-
    [1764] fnbamd_ldap_auth_ctx_free-Freeing 'LDAP208' ctx
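
The DN search in step 3 and the primary group query in step 8 are both ordinary LDAP search filters. The Python below is an added example, not Fortinet code, that rebuilds both: the sAMAccountName filter with RFC 4515 escaping of the username (escaping is a general hardening practice for any code that puts user input into a filter; the page does not say how fnbamd escapes), and the objectSid filter copied from the step-8 debug line, decoded to its S-1-5-21-... form and re-encoded from a domain SID plus a primaryGroupID (RID 513 is Domain Users, which is the primary group found in step 9). Function names are the example's own.

```python
import re

# Added example (not Fortinet code). Filter string copied from the page's
# "Primary group query" debug line; everything else is this example's own.
PAGE_PRIMARY_GROUP_FILTER = (
    r"(&(objectclass=group)(objectSid=\01\05\00\00\00\00\00\05\15\00\00\00"
    r"\b8\17\0b\a2\b5\db\a4\d8\c0\a2\54\19\01\02\00\00))"
)

# RFC 4515 escaping of characters that would otherwise alter the filter.
_RFC4515_SPECIALS = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\x00": "\\00"}


def escape_filter_value(value: str) -> str:
    """Escape a filter assertion value so user input cannot change the filter's meaning."""
    return "".join(_RFC4515_SPECIALS.get(ch, ch) for ch in value)


def dn_search_filter(cnid: str, username: str) -> str:
    """Filter sent in the 'DN search' state: <cnid>=<username> (cnid comes from config)."""
    return f"{cnid}={escape_filter_value(username)}"


def sid_from_bytes(raw: bytes) -> str:
    """Decode a binary objectSid: revision, sub-authority count, 48-bit big-endian
    identifier authority, then little-endian 32-bit sub-authorities."""
    revision, count = raw[0], raw[1]
    if len(raw) != 8 + 4 * count:
        raise ValueError("objectSid length does not match its sub-authority count")
    authority = int.from_bytes(raw[2:8], "big")
    subs = [int.from_bytes(raw[8 + 4 * i:12 + 4 * i], "little") for i in range(count)]
    return "S-" + "-".join(str(x) for x in [revision, authority, *subs])


def sid_to_bytes(sid: str) -> bytes:
    """Inverse of sid_from_bytes."""
    parts = sid.upper().split("-")
    if len(parts) < 3 or parts[0] != "S":
        raise ValueError(f"not a SID: {sid}")
    revision, authority = int(parts[1]), int(parts[2])
    subs = [int(p) for p in parts[3:]]
    out = bytes([revision, len(subs)]) + authority.to_bytes(6, "big")
    for sub in subs:
        out += sub.to_bytes(4, "little")
    return out


def escape_binary(raw: bytes) -> str:
    """Hex-escape every byte the way the debug output shows it (\\xx, lowercase)."""
    return "".join(f"\\{b:02x}" for b in raw)


def unescape_binary(escaped: str) -> bytes:
    return bytes(int(h, 16) for h in re.findall(r"\\([0-9a-fA-F]{2})", escaped))


def primary_group_filter(domain_sid: str, primary_group_id: int) -> str:
    """Filter sent in the 'Primary group query' state: the group whose objectSid
    is the user's domain SID followed by the user's primaryGroupID as the RID."""
    group_sid = f"{domain_sid}-{primary_group_id}"
    return f"(&(objectclass=group)(objectSid={escape_binary(sid_to_bytes(group_sid))}))"


def sid_in_filter(ldap_filter: str) -> str:
    """Pull the escaped objectSid out of a filter and return it in S-1-5-... form."""
    m = re.search(r"objectSid=((?:\\[0-9a-fA-F]{2})+)", ldap_filter)
    if not m:
        raise ValueError("no objectSid assertion in filter")
    return sid_from_bytes(unescape_binary(m.group(1)))


if __name__ == "__main__":
    print(dn_search_filter("sAMAccountName", "user1"))
    group_sid = sid_in_filter(PAGE_PRIMARY_GROUP_FILTER)
    print("primary group SID:", group_sid)
    domain_sid = group_sid.rsplit("-", 1)[0]
    print("rebuilt filter matches page:", primary_group_filter(domain_sid, 513) == PAGE_PRIMARY_GROUP_FILTER)
```

Decoding the filter shows the domain SID the FortiGate learned from the user's objectSid, with the last sub-authority replaced by the primaryGroupID; that is why a user's primary group (not listed in memberOf on AD) still appears in the group list at step 11.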
    

Failed Authentication

  1. Prepare the username to look up (user1) and the base DN.

    # diagnose debug application fnbamd -1
    # diagnose debug enable
    
    [1906] handle_req-Rcvd auth req 730526741 for user1 in LDAP208 opt=0000001b prot=0
    [466] __compose_group_list_from_req-Group 'LDAP208', type 1
    [616] fnbamd_pop3_start-user1
    [989] __fnbamd_cfg_get_ldap_list_by_server-
    [995] __fnbamd_cfg_get_ldap_list_by_server-Loaded LDAP server 'LDAP208'
    [1150] fnbamd_cfg_get_ldap_list-Total ldap servers to try: 1
    
    [1717] fnbamd_ldap_init-search filter is: sAMAccountName=user1
    [1727] fnbamd_ldap_init-search base is: dc=fortibj,dc=com
    
    [1149] __fnbamd_ldap_dns_cb-Resolved LDAP208:192.168.91.208 to 192.168.91.208, cur stack size:1
    [924] __fnbamd_ldap_get_next_addr-
    [1154] __fnbamd_ldap_dns_cb-Connection starts LDAP208:192.168.91.208, addr 192.168.91.208
    [879] __fnbamd_ldap_start_conn-Still connecting 192.168.91.208.
    [633] create_auth_session-Total 1 server(s) to try
    [1107] __ldap_connect-tcps_connect(192.168.91.208) is established.
    
  2. The bind with the LDAP administrator account succeeds.

    [985] __ldap_rxtx-state 3(Admin Binding)
    [363] __ldap_build_bind_req-Binding to 'CN=Administrator,CN=Users,DC=fortibj,DC=com'
    [1083] fnbamd_ldap_send-sending 69 bytes to 192.168.91.208
    [1096] fnbamd_ldap_send-Request is sent. ID 1
    
    [985] __ldap_rxtx-state 4(Admin Bind resp)
    [1127] __fnbamd_ldap_read-Read 8
    [1233] fnbamd_ldap_recv-Leftover 2
    [1127] __fnbamd_ldap_read-Read 14
    [1306] fnbamd_ldap_recv-Response len: 16, svr: 192.168.91.208
    [987] fnbamd_ldap_parse_response-Got one MESSAGE. ID:1, type:bind
    
    response-ret=0    // bind succeeded
    [1023] fnbamd_ldap_parse_response-ret=0
    
  3. Search for the DN of user1.

    [1052] __ldap_rxtx-Change state to 'DN search'
    [985] __ldap_rxtx-state 11(DN search)
    [750] fnbamd_ldap_build_dn_search_req-base:'dc=fortibj,dc=com' filter:sAMAccountName=user1
    [1083] fnbamd_ldap_send-sending 73 bytes to 192.168.91.208
    [1096] fnbamd_ldap_send-Request is sent. ID 2
    
    [985] __ldap_rxtx-state 12(DN search resp)
    [1127] __fnbamd_ldap_read-Read 8
    [1233] fnbamd_ldap_recv-Leftover 2
    [1127] __fnbamd_ldap_read-Read 51
    [1306] fnbamd_ldap_recv-Response len: 53, svr: 192.168.91.208
    [987] fnbamd_ldap_parse_response-Got one MESSAGE. ID:2, type:search-entry
    
  4. The search succeeds; the DN of user1 is CN=xiaoming,OU=TAC,DC=fortibj,DC=com.

    response-ret=0    // search succeeded; the DN of user1 is CN=xiaoming,OU=TAC,DC=fortibj,DC=com
    [1023] fnbamd_ldap_parse_response-ret=0
    [1225] __fnbamd_ldap_dn_entry-Get DN 'CN=xiaoming,OU=TAC,DC=fortibj,DC=com'
    
    [1127] __fnbamd_ldap_read-Read 8
    [1233] fnbamd_ldap_recv-Leftover 2
    [1127] __fnbamd_ldap_read-Read 78
    [1306] fnbamd_ldap_recv-Response len: 80, svr: 192.168.91.208
    [987] fnbamd_ldap_parse_response-Got one MESSAGE. ID:2, type:search-reference
    [1023] fnbamd_ldap_parse_response-ret=0
    [1127] __fnbamd_ldap_read-Read 8
    [1233] fnbamd_ldap_recv-Leftover 2
    [1127] __fnbamd_ldap_read-Read 78
    [1306] fnbamd_ldap_recv-Response len: 80, svr: 192.168.91.208
    [987] fnbamd_ldap_parse_response-Got one MESSAGE. ID:2, type:search-reference
    [1023] fnbamd_ldap_parse_response-ret=0
    [1127] __fnbamd_ldap_read-Read 8
    [1233] fnbamd_ldap_recv-Leftover 2
    [1127] __fnbamd_ldap_read-Read 62
    [1306] fnbamd_ldap_recv-Response len: 64, svr: 192.168.91.208
    [987] fnbamd_ldap_parse_response-Got one MESSAGE. ID:2, type:search-reference
    [1023] fnbamd_ldap_parse_response-ret=0
    [1127] __fnbamd_ldap_read-Read 8
    [1233] fnbamd_ldap_recv-Leftover 2
    [1127] __fnbamd_ldap_read-Read 14
    [1306] fnbamd_ldap_recv-Response len: 16, svr: 192.168.91.208
    [987] fnbamd_ldap_parse_response-Got one MESSAGE. ID:2, type:search-result
    [1023] fnbamd_ldap_parse_response-ret=0
    
  5. Bind request for user1.

    [1052] __ldap_rxtx-Change state to 'User Binding'
    [985] __ldap_rxtx-state 5(User Binding)
    [596] fnbamd_ldap_build_userbind_req-Trying DN 'CN=xiaoming,OU=TAC,DC=fortibj,DC=com'
    [363] __ldap_build_bind_req-Binding to 'CN=xiaoming,OU=TAC,DC=fortibj,DC=com'
    [1083] fnbamd_ldap_send-sending 88 bytes to 192.168.91.208
    [1096] fnbamd_ldap_send-Request is sent. ID 3
    
    [985] __ldap_rxtx-state 6(User Bind resp)
    [1127] __fnbamd_ldap_read-Read 8
    [1233] fnbamd_ldap_recv-Leftover 2
    [1127] __fnbamd_ldap_read-Read 102
    [1306] fnbamd_ldap_recv-Response len: 104, svr: 192.168.91.208
    [987] fnbamd_ldap_parse_response-Got one MESSAGE. ID:3, type:bind
    
  6. The bind fails with result code 49 and sub-code 52e in the response message, meaning the password is wrong.

    [1009] fnbamd_ldap_parse_response-Error 49(80090308: LdapErr: DSID-0C0903D3, comment: AcceptSecurityContext error, data 52e, v3839)
    [1023] fnbamd_ldap_parse_response-ret=49
    
    [262] fnbamd_ldap_more_dn_left-idx:0, total:1
    [1052] __ldap_rxtx-Change state to 'Done'
    [985] __ldap_rxtx-state 23(Done)
    [1083] fnbamd_ldap_send-sending 7 bytes to 192.168.91.208
    [1096] fnbamd_ldap_send-Request is sent. ID 4
    [785] __ldap_done-svr 'LDAP208'
    [755] __ldap_destroy-
    [724] __ldap_stop-Conn with 192.168.91.208 destroyed.
    [216] fnbamd_comm_send_result-Sending result 1 (nid 0) for req 730526741, len=2148
    [789] destroy_auth_session-delete session 730526741
    [755] __ldap_destroy-
    [1764] fnbamd_ldap_auth_ctx_free-Freeing 'LDAP208' ctx
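
To turn a capture like the two above into a one-line verdict, here is an added Python example (not Fortinet code) that parses the fnbamd lines, recording the state sequence, the DN found, the memberOf and primary groups, the LDAP result code together with AD's "data" sub-code, and the final "Sending result" value. It then applies the group-matching rule from the "Creating an LDAP User Group" section (no remote group selected means every user under the DN matches). The sample logs are excerpts from the page's own debug output; the sub-code table lists the standard AD values, of which 52e is the one shown on this page.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Added example, not Fortinet code. The two sample captures are excerpts of the
# page's own "diagnose debug application fnbamd -1" output.

# "data NNN" sub-codes AD attaches to LDAP result 49 (invalidCredentials).
AD_BIND_SUBCODES = {
    "525": "user not found",
    "52e": "invalid credentials (wrong password)",
    "530": "logon not permitted at this time",
    "532": "password expired",
    "533": "account disabled",
    "773": "user must reset password",
    "775": "account locked out",
}

_RE_REQ = re.compile(r"handle_req-Rcvd auth req (\d+) for (\S+) in (\S+)")
_RE_STATE = re.compile(r"__ldap_rxtx-state \d+\((.+?)\)")
_RE_DN = re.compile(r"__fnbamd_ldap_dn_entry-Get DN '(.+)'")
_RE_MEMBEROF = re.compile(r"__retrieve_group_values-val\[\d+\]='(.+)'")
_RE_PRIMARY = re.compile(r"__get_one_group-group: (.+)")
_RE_ERROR = re.compile(r"fnbamd_ldap_parse_response-Error (\d+)\((.*)\)")
_RE_RESULT = re.compile(r"fnbamd_comm_send_result-Sending result (\d+)")


@dataclass
class AuthSummary:
    request_id: str = ""
    user: str = ""
    server: str = ""
    states: List[str] = field(default_factory=list)  # fnbamd state machine, in order
    user_dn: str = ""
    groups: List[str] = field(default_factory=list)  # memberOf values, then primary group
    ldap_error: Optional[int] = None                 # LDAP result code on failure
    ad_subcode: str = ""                             # AD "data NNN" sub-code, if any
    result: Optional[int] = None                     # "Sending result N": 0 = SUCCESS

    @property
    def ok(self) -> bool:
        return self.result == 0

    def explain(self) -> str:
        if self.ok:
            return f"{self.user} authenticated as {self.user_dn}; groups: {', '.join(self.groups)}"
        if self.ldap_error == 49:
            reason = AD_BIND_SUBCODES.get(self.ad_subcode, f"unknown sub-code {self.ad_subcode}")
            return f"bind for {self.user_dn or self.user} rejected: {reason}"
        return f"authentication failed (LDAP error {self.ldap_error}, result {self.result})"


def parse_fnbamd(lines) -> AuthSummary:
    """Walk the debug lines once and pick out the fields that matter for triage."""
    s = AuthSummary()
    for line in lines:
        if m := _RE_REQ.search(line):
            s.request_id, s.user, s.server = m.groups()
        elif m := _RE_STATE.search(line):
            s.states.append(m.group(1))
        elif m := _RE_DN.search(line):
            s.user_dn = m.group(1)
        elif (m := _RE_MEMBEROF.search(line)) or (m := _RE_PRIMARY.search(line)):
            s.groups.append(m.group(1))
        elif m := _RE_ERROR.search(line):
            s.ldap_error = int(m.group(1))
            if sub := re.search(r"data ([0-9a-f]+)", m.group(2)):
                s.ad_subcode = sub.group(1)
        elif m := _RE_RESULT.search(line):
            s.result = int(m.group(1))
    return s


def matches_fortigate_group(summary: AuthSummary, remote_groups: List[str]) -> bool:
    """Group rule from the page: a FortiGate group with no remote group selected
    matches every user under the server DN; otherwise the user must belong to at
    least one selected remote group. DNs are compared case-insensitively."""
    if not summary.ok:
        return False
    if not remote_groups:
        return True
    have = {g.lower() for g in summary.groups}
    return any(g.lower() in have for g in remote_groups)


SUCCESS_LOG = """\
[1906] handle_req-Rcvd auth req 730526726 for user1 in LDAP208 opt=0000001b prot=0
[985] __ldap_rxtx-state 3(Admin Binding)
[985] __ldap_rxtx-state 11(DN search)
[1225] __fnbamd_ldap_dn_entry-Get DN 'CN=xiaoming,OU=TAC,DC=fortibj,DC=com'
[985] __ldap_rxtx-state 5(User Binding)
[985] __ldap_rxtx-state 7(Attr query)
[542] __retrieve_group_values-val[0]='CN=grp1,CN=Users,DC=fortibj,DC=com'
[985] __ldap_rxtx-state 13(Primary group query)
[472] __get_one_group-group: CN=Domain Users,CN=Users,DC=fortibj,DC=com
[985] __ldap_rxtx-state 23(Done)
[216] fnbamd_comm_send_result-Sending result 0 (nid 0) for req 730526726, len=2227
"""

FAILURE_LOG = """\
[1906] handle_req-Rcvd auth req 730526741 for user1 in LDAP208 opt=0000001b prot=0
[985] __ldap_rxtx-state 3(Admin Binding)
[985] __ldap_rxtx-state 11(DN search)
[1225] __fnbamd_ldap_dn_entry-Get DN 'CN=xiaoming,OU=TAC,DC=fortibj,DC=com'
[985] __ldap_rxtx-state 5(User Binding)
[1009] fnbamd_ldap_parse_response-Error 49(80090308: LdapErr: DSID-0C0903D3, comment: AcceptSecurityContext error, data 52e, v3839)
[985] __ldap_rxtx-state 23(Done)
[216] fnbamd_comm_send_result-Sending result 1 (nid 0) for req 730526741, len=2148
"""

if __name__ == "__main__":
    for capture in (SUCCESS_LOG, FAILURE_LOG):
        summary = parse_fnbamd(capture.splitlines())
        print(summary.explain(), "| in group1:",
              matches_fortigate_group(summary, ["CN=grp1,CN=Users,DC=fortibj,DC=com"]))
```

Feed it the full capture rather than the excerpt and the verdict is the same; the regexes ignore the byte-count and read/leftover lines, which only matter when the connection itself is misbehaving.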
    

Copyright © 2024 Fortinet Inc. All rights reserved. Powered by Fortinet TAC Team.
This page was revised on: 2024-01-02 16:08:45
