LDAP Authentication Configuration and Troubleshooting
Configuring LDAP authentication
Configure interface addresses and routes


Use ping to test connectivity between the FortiGate and the LDAP server. The test environment uses Windows AD as the LDAP server, at 192.168.91.208.
    # execute ping 192.168.91.208
    PING 192.168.91.208 (192.168.91.208): 56 data bytes
    64 bytes from 192.168.91.208: icmp_seq=0 ttl=127 time=0.3 ms
    64 bytes from 192.168.91.208: icmp_seq=1 ttl=127 time=0.2 ms
    64 bytes from 192.168.91.208: icmp_seq=2 ttl=127 time=0.2 ms
    64 bytes from 192.168.91.208: icmp_seq=3 ttl=127 time=0.2 ms
    64 bytes from 192.168.91.208: icmp_seq=4 ttl=127 time=0.2 ms
    --- 192.168.91.208 ping statistics ---
    5 packets transmitted, 5 packets received, 0% packet loss
    round-trip min/avg/max = 0.2/0.2/0.3 ms
Configure LDAP
Go to "User & Authentication" --> LDAP and click "Create New".

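Configuration parameters:
Name: enter any name that does not conflict with an existing one;
Server IP/Name: the IP address of the LDAP server;
Server Port: the LDAP communication port, TCP 389 by default;
Common Name Identifier: the attribute of the LDAP object that the FortiGate uses to identify the connecting user. Windows AD uses sAMAccountName and OpenLDAP uses uid. Windows AD is used here;
Distinguished Name: used to look up user account entries on the LDAP server; it reflects the LDAP hierarchy above the CN identifier being looked up. Enter dc=fortibj,dc=com to specify the domain root that contains all objects; enter ou=tac,dc=fortibj,dc=com to query only the users under that organizational unit;
Bind Type: select Regular, which binds with the supplied username and password, then searches from the DN and recurses through the subtree;
Username: two formats are supported. Format 1: CN=Administrator,CN=Users,DC=fortibj,DC=com; Format 2: Administrator@fortibj.com.
    C:\Users\Administrator>dsquery user -name administrator
    "CN=Administrator,CN=Users,DC=fortibj,DC=com"
Password: the user's password;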

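Click "OK" to finish the configuration.

The corresponding CLI configuration:
    config user ldap
        edit "LDAP208"
            set server "192.168.91.208"
            set cnid "sAMAccountName"
            set dn "dc=fortibj,dc=com"
            set type regular
            set username "CN=Administrator,CN=Users,DC=fortibj,DC=com"
            set password xxxxxxxx
        next
    end
Viewing the LDAP directory structure
When the LDAP configuration is correct, you can click "Browse" to view the LDAP directory structure.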

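LDAP server testing
Testing connectivity between the FortiGate and the LDAP server
In the GUI, open the LDAP server's edit page and click "Test Connectivity".
CLI syntax to test connectivity:
    # diagnose test authserver ldap-direct [IP] [port number]
CLI syntax to test whether a username and password are correct:
    # diagnose test authserver ldap <server_name> <username> <password>
If the connection status is "Successful", the FortiGate and the LDAP server are communicating normally.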

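The corresponding CLI test result:
    # diagnose test authserver ldap-direct 192.168.91.208 389
    LDAP server '192.168.91.208' status is OK
If the connection status is "Invalid credentials", the account or password configured for the LDAP server is incorrect.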

The corresponding CLI command:
    # diagnose test authserver ldap LDAP208 administrator Test@123456
    authenticate 'administrator' against 'LDAP208' succeeded!
    Group membership(s) - CN=Group Policy Creator Owners,CN=Users,DC=fortibj,DC=com
                          CN=Domain Admins,CN=Users,DC=fortibj,DC=com
                          CN=Enterprise Admins,CN=Users,DC=fortibj,DC=com
                          CN=Schema Admins,CN=Users,DC=fortibj,DC=com
                          CN=Remote Desktop Users,CN=Builtin,DC=fortibj,DC=com
                          CN=Administrators,CN=Builtin,DC=fortibj,DC=com
                          CN=Domain Users,CN=Users,DC=fortibj,DC=com
If the connection status is "Can't contact LDAP server", the LDAP server is unreachable.

The corresponding CLI test result:
    # diagnose test authserver ldap-direct 192.168.91.208 389
    LDAP server '192.168.91.208' status is Server unreachable
Testing users and passwords on the LDAP server
In the GUI, open the LDAP server's edit page and click "Test User Credentials".
CLI syntax:
    # diagnose test authserver ldap <server_name> <username> <password>
Incorrect username or password

The corresponding CLI test result:
    # diagnose test authserver ldap LDAP208 user1 123456
    authenticate 'user1' against 'LDAP208' failed!
Correct username and password

The corresponding CLI test result is shown below; the CLI also lists the groups that user1 belongs to.
    # diagnose test authserver ldap LDAP208 user1 Pass@123456
    authenticate 'user1' against 'LDAP208' succeeded!
    Group membership(s) - CN=grp1,CN=Users,DC=fortibj,DC=com
                          CN=Domain Users,CN=Users,DC=fortibj,DC=com
Other LDAP configuration parameters
Changing the LDAP port
    config user ldap
        edit LDAP208
            set port xx
        next
    end
Specifying the source IP address
    config user ldap
        edit LDAP208
            set source-ip x.x.x.x
        next
    end
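Creating an LDAP user
Go to "User & Authentication" --> "User Definition" and click "Create New".

Select LDAP user and click "Next".

Select the LDAP server configured earlier and click "Next".

Add user1 here: right-click user1 and click "Add Selected".

Click "Selected" to review the chosen users; once they are confirmed, click "Submit".

The LDAP user has been created.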

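Creating an LDAP user group
Go to "User & Authentication" --> "User Groups" and click "Create New".

Configure LDAP
Set the FortiGate user group name to group1. Under Remote Groups, click "Add" and select the configured remote server; the directory tree is displayed automatically. Find the user group to add (grp1 here), right-click it and choose "Add Selected". group1 then matches the users in the remote LDAP group grp1. Multiple groups can be added: if grp2 is added as well, group1 matches the users in both remote LDAP groups grp1 and grp2.

Click "Selected" to review the chosen groups; once they are confirmed, click "OK".

Click "OK".

The configuration is complete.

Important
If no user group is selected in group1, group1 matches every user under the DN configured on the LDAP server.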

LDAP authentication debug
Authentication succeeded
The username to look up (user1) and the base DN are prepared.
    # diagnose debug application fnbamd -1
    # diagnose debug enable
    [1906] handle_req-Rcvd auth req 730526726 for user1 in LDAP208 opt=0000001b prot=0
    [466] __compose_group_list_from_req-Group 'LDAP208', type 1
    [616] fnbamd_pop3_start-user1
    [989] __fnbamd_cfg_get_ldap_list_by_server-
    [995] __fnbamd_cfg_get_ldap_list_by_server-Loaded LDAP server 'LDAP208'
    [1150] fnbamd_cfg_get_ldap_list-Total ldap servers to try: 1
    [1717] fnbamd_ldap_init-search filter is: sAMAccountName=user1
    [1727] fnbamd_ldap_init-search base is: dc=fortibj,dc=com
    [1149] __fnbamd_ldap_dns_cb-Resolved LDAP208:192.168.91.208 to 192.168.91.208, cur stack size:1
    [924] __fnbamd_ldap_get_next_addr-
    [1154] __fnbamd_ldap_dns_cb-Connection starts LDAP208:192.168.91.208, addr 192.168.91.208
    [879] __fnbamd_ldap_start_conn-Still connecting 192.168.91.208.
    [633] create_auth_session-Total 1 server(s) to try
    [1107] __ldap_connect-tcps_connect(192.168.91.208) is established.
LDAP administrator account bind.
    [985] __ldap_rxtx-state 3(Admin Binding)
    [363] __ldap_build_bind_req-Binding to 'CN=Administrator,CN=Users,DC=fortibj,DC=com'
    [1083] fnbamd_ldap_send-sending 69 bytes to 192.168.91.208
    [1096] fnbamd_ldap_send-Request is sent. ID 1
    [985] __ldap_rxtx-state 4(Admin Bind resp)
    [1127] __fnbamd_ldap_read-Read 8
    [1233] fnbamd_ldap_recv-Leftover 2
    [1127] __fnbamd_ldap_read-Read 14
    [1306] fnbamd_ldap_recv-Response len: 16, svr: 192.168.91.208
    [987] fnbamd_ldap_parse_response-Got one MESSAGE. ID:1, type:bind response-ret=0 // bind succeeded
    [1023] fnbamd_ldap_parse_response-ret=0
Look up the DN of user1.
    [1052] __ldap_rxtx-Change state to 'DN search'
    [985] __ldap_rxtx-state 11(DN search)
    [750] fnbamd_ldap_build_dn_search_req-base:'dc=fortibj,dc=com' filter:sAMAccountName=user1
    [1083] fnbamd_ldap_send-sending 73 bytes to 192.168.91.208
    [1096] fnbamd_ldap_send-Request is sent. ID 2
    [985] __ldap_rxtx-state 12(DN search resp)
    [1127] __fnbamd_ldap_read-Read 8
    [1233] fnbamd_ldap_recv-Leftover 2
    [1127] __fnbamd_ldap_read-Read 51
    [1306] fnbamd_ldap_recv-Response len: 53, svr: 192.168.91.208
    [987] fnbamd_ldap_parse_response-Got one MESSAGE. ID:2, type:search-entry
The search succeeds and returns the DN of user1: xiaoming,OU=TAC,DC=fortibj,DC=com.
    response-ret=0 // search succeeded; the DN of user1 is xiaoming,OU=TAC,DC=fortibj,DC=com
    [1023] fnbamd_ldap_parse_response-ret=0
    [1225] __fnbamd_ldap_dn_entry-Get DN 'CN=xiaoming,OU=TAC,DC=fortibj,DC=com'
    [1127] __fnbamd_ldap_read-Read 8
    [1233] fnbamd_ldap_recv-Leftover 2
    [1127] __fnbamd_ldap_read-Read 78
    [1306] fnbamd_ldap_recv-Response len: 80, svr: 192.168.91.208
    [987] fnbamd_ldap_parse_response-Got one MESSAGE. ID:2, type:search-reference
    [1023] fnbamd_ldap_parse_response-ret=0
    [1127] __fnbamd_ldap_read-Read 8
    [1233] fnbamd_ldap_recv-Leftover 2
    [1127] __fnbamd_ldap_read-Read 78
    [1306] fnbamd_ldap_recv-Response len: 80, svr: 192.168.91.208
    [987] fnbamd_ldap_parse_response-Got one MESSAGE. ID:2, type:search-reference
    [1023] fnbamd_ldap_parse_response-ret=0
    [1127] __fnbamd_ldap_read-Read 8
    [1233] fnbamd_ldap_recv-Leftover 2
    [1127] __fnbamd_ldap_read-Read 62
    [1306] fnbamd_ldap_recv-Response len: 64, svr: 192.168.91.208
    [987] fnbamd_ldap_parse_response-Got one MESSAGE. ID:2, type:search-reference
    [1023] fnbamd_ldap_parse_response-ret=0
    [1127] __fnbamd_ldap_read-Read 8
    [1233] fnbamd_ldap_recv-Leftover 2
    [1127] __fnbamd_ldap_read-Read 14
    [1306] fnbamd_ldap_recv-Response len: 16, svr: 192.168.91.208
    [987] fnbamd_ldap_parse_response-Got one MESSAGE. ID:2, type:search-result
    [1023] fnbamd_ldap_parse_response-ret=0
The bind request for user1 succeeds.
    [1052] __ldap_rxtx-Change state to 'User Binding'
    [985] __ldap_rxtx-state 5(User Binding)
    [596] fnbamd_ldap_build_userbind_req-Trying DN 'CN=xiaoming,OU=TAC,DC=fortibj,DC=com'
    [363] __ldap_build_bind_req-Binding to 'CN=xiaoming,OU=TAC,DC=fortibj,DC=com'
    [1083] fnbamd_ldap_send-sending 93 bytes to 192.168.91.208
    [1096] fnbamd_ldap_send-Request is sent. ID 3
    [985] __ldap_rxtx-state 6(User Bind resp)
    [1127] __fnbamd_ldap_read-Read 8
    [1233] fnbamd_ldap_recv-Leftover 2
    [1127] __fnbamd_ldap_read-Read 14
    [1306] fnbamd_ldap_recv-Response len: 16, svr: 192.168.91.208
    [987] fnbamd_ldap_parse_response-Got one MESSAGE. ID:3, type:bind response-ret=0 // bind succeeded
    [1023] fnbamd_ldap_parse_response-ret=0
memberOf attribute query.
    [1052] __ldap_rxtx-Change state to 'Attr query'
    [985] __ldap_rxtx-state 7(Attr query)
    [649] fnbamd_ldap_build_attr_search_req-Adding attr 'memberOf'
    [661] fnbamd_ldap_build_attr_search_req-base:'CN=xiaoming,OU=TAC,DC=fortibj,DC=com' filter:cn=*
    [1083] fnbamd_ldap_send-sending 112 bytes to 192.168.91.208
    [1096] fnbamd_ldap_send-Request is sent. ID 4
    [985] __ldap_rxtx-state 8(Attr query resp)
    [1127] __fnbamd_ldap_read-Read 8
    [1233] fnbamd_ldap_recv-Leftover 2
    [1127] __fnbamd_ldap_read-Read 195
    [1306] fnbamd_ldap_recv-Response len: 197, svr: 192.168.91.208
    [987] fnbamd_ldap_parse_response-Got one MESSAGE. ID:4, type:search-entry
The query succeeds and returns the user group of user1: CN=grp1,CN=Users,DC=fortibj,DC=com.
    [1023] fnbamd_ldap_parse_response-ret=0
    [556] __get_member_of_groups-Get the memberOf groups.
    [522] __retrieve_group_values-Get the memberOf groups.
    [532] __retrieve_group_values- attr='memberOf', found 1 values
    [542] __retrieve_group_values-val[0]='CN=grp1,CN=Users,DC=fortibj,DC=com'
    [1127] __fnbamd_ldap_read-Read 8
    [1233] fnbamd_ldap_recv-Leftover 2
    [1127] __fnbamd_ldap_read-Read 14
    [1306] fnbamd_ldap_recv-Response len: 16, svr: 192.168.91.208
    [987] fnbamd_ldap_parse_response-Got one MESSAGE. ID:4, type:search-result
    [1023] fnbamd_ldap_parse_response-ret=0
    [1305] __fnbamd_ldap_attr_next-Entering CHKPRIMARYGRP state
Primary group attribute query.
    [1052] __ldap_rxtx-Change state to 'Primary group query'
    [985] __ldap_rxtx-state 13(Primary group query)
    [685] fnbamd_ldap_build_primary_grp_search_req-starting primary group check...
    [689] fnbamd_ldap_build_primary_grp_search_req-number of sub auths 5
    [707] fnbamd_ldap_build_primary_grp_search_req-base:'dc=fortibj,dc=com' filter:(&(objectclass=group)(objectSid=\01\05\00\00\00\00\00\05\15\00\00\00\b8\17\0b\a2\b5\db\a4\d8\c0\a2\54\19\01\02\00\00))
    [1083] fnbamd_ldap_send-sending 121 bytes to 192.168.91.208
    [1096] fnbamd_ldap_send-Request is sent. ID 5
    [985] __ldap_rxtx-state 14(Primary group query resp)
    [1127] __fnbamd_ldap_read-Read 8
    [1233] fnbamd_ldap_recv-Leftover 2
    [1127] __fnbamd_ldap_read-Read 110
    [1306] fnbamd_ldap_recv-Response len: 112, svr: 192.168.91.208
    [987] fnbamd_ldap_parse_response-Got one MESSAGE. ID:5, type:search-entry
The primary group returned is CN=Domain Users,CN=Users,DC=fortibj,DC=com.
    [1023] fnbamd_ldap_parse_response-ret=0
    [472] __get_one_group-group: CN=Domain Users,CN=Users,DC=fortibj,DC=com
    [1127] __fnbamd_ldap_read-Read 8
    [1233] fnbamd_ldap_recv-Leftover 2
    [1127] __fnbamd_ldap_read-Read 78
    [1306] fnbamd_ldap_recv-Response len: 80, svr: 192.168.91.208
    [987] fnbamd_ldap_parse_response-Got one MESSAGE. ID:5, type:search-reference
    [1023] fnbamd_ldap_parse_response-ret=0
    [1127] __fnbamd_ldap_read-Read 8
    [1233] fnbamd_ldap_recv-Leftover 2
    [1127] __fnbamd_ldap_read-Read 78
    [1306] fnbamd_ldap_recv-Response len: 80, svr: 192.168.91.208
    [987] fnbamd_ldap_parse_response-Got one MESSAGE. ID:5, type:search-reference
    [1023] fnbamd_ldap_parse_response-ret=0
    [1127] __fnbamd_ldap_read-Read 8
    [1233] fnbamd_ldap_recv-Leftover 2
    [1127] __fnbamd_ldap_read-Read 62
    [1306] fnbamd_ldap_recv-Response len: 64, svr: 192.168.91.208
    [987] fnbamd_ldap_parse_response-Got one MESSAGE. ID:5, type:search-reference
    [1023] fnbamd_ldap_parse_response-ret=0
    [1127] __fnbamd_ldap_read-Read 8
    [1233] fnbamd_ldap_recv-Leftover 2
    [1127] __fnbamd_ldap_read-Read 14
    [1306] fnbamd_ldap_recv-Response len: 16, svr: 192.168.91.208
    [987] fnbamd_ldap_parse_response-Got one MESSAGE. ID:5, type:search-result
    [1023] fnbamd_ldap_parse_response-ret=0
    [1433] __fnbamd_ldap_primary_grp_next-Auth accepted
The query is complete.
    [1052] __ldap_rxtx-Change state to 'Done'
    [985] __ldap_rxtx-state 23(Done)
    [1083] fnbamd_ldap_send-sending 7 bytes to 192.168.91.208
    [1096] fnbamd_ldap_send-Request is sent. ID 6
    [785] __ldap_done-svr 'LDAP208'
    [755] __ldap_destroy-
    [724] __ldap_stop-Conn with 192.168.91.208 destroyed.
The query result.
    [2678] fnbamd_ldap_result-Result for ldap svr 192.168.91.208(LDAP208) is SUCCESS
    [401] ldap_copy_grp_list-copied CN=grp1,CN=Users,DC=fortibj,DC=com
    [401] ldap_copy_grp_list-copied CN=Domain Users,CN=Users,DC=fortibj,DC=com
    [2693] fnbamd_ldap_result-Skipping group matching
    [216] fnbamd_comm_send_result-Sending result 0 (nid 0) for req 730526726, len=2227
    [789] destroy_auth_session-delete session 730526726
    [755] __ldap_destroy-
    [1764] fnbamd_ldap_auth_ctx_free-Freeing 'LDAP208' ctx
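The objectSid in the 'Primary group query' filter above is a binary SID with every byte escaped. The following Python is an added example, not part of the original page or of FortiOS: it decodes that value and rebuilds the same filter from a user SID plus primaryGroupID, which is the usual Active Directory way to resolve a primary group and an assumption about what fnbamd does internally. The user RID 1105 is a constructed sample and the function names are hypothetical.

```python
import struct

# Escaped objectSid copied from the 'Primary group query' filter in the trace above.
PAGE_FILTER_SID = (r"\01\05\00\00\00\00\00\05\15\00\00\00\b8\17\0b\a2"
                   r"\b5\db\a4\d8\c0\a2\54\19\01\02\00\00")

def escaped_to_sid(escaped: str) -> str:
    """Decode a backslash-escaped binary SID from an LDAP filter into S-1-... form."""
    raw = bytes.fromhex(escaped.replace("\\", ""))
    revision, count = raw[0], raw[1]
    if len(raw) != 8 + 4 * count:
        raise ValueError("sub-authority count does not match SID length")
    authority = int.from_bytes(raw[2:8], "big")        # 48-bit, big-endian
    subs = struct.unpack(f"<{count}I", raw[8:])        # 32-bit each, little-endian
    return "-".join(["S", str(revision), str(authority), *map(str, subs)])

def sid_to_escaped(sid: str) -> str:
    """Encode S-1-... back into the escaped form used inside an LDAP search filter."""
    parts = sid.split("-")
    if parts[0] != "S" or len(parts) < 4:
        raise ValueError(f"not a SID: {sid!r}")
    subs = [int(p) for p in parts[3:]]
    raw = (bytes([int(parts[1]), len(subs)]) + int(parts[2]).to_bytes(6, "big")
           + struct.pack(f"<{len(subs)}I", *subs))
    return "".join(f"\\{b:02x}" for b in raw)

def primary_group_filter(user_sid: str, primary_group_id: int) -> str:
    """Swap the user's RID for primaryGroupID and wrap the result in a group filter."""
    group_sid = f"{user_sid.rsplit('-', 1)[0]}-{primary_group_id}"
    return f"(&(objectclass=group)(objectSid={sid_to_escaped(group_sid)}))"

if __name__ == "__main__":
    print(escaped_to_sid(PAGE_FILTER_SID))
    # RID 1105 is a constructed sample user RID; 513 is the Domain Users RID.
    user_sid = "S-1-5-21-2718635960-3634682805-424977088-1105"
    print(primary_group_filter(user_sid, 513))
```

The decoded value ends in RID 513, the Domain Users group, which is why that group is in the result even though the memberOf query returned only grp1.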
Authentication failed
The username to look up (user1) and the base DN are prepared.
    # diagnose debug application fnbamd -1
    # diagnose debug enable
    [1906] handle_req-Rcvd auth req 730526741 for user1 in LDAP208 opt=0000001b prot=0
    [466] __compose_group_list_from_req-Group 'LDAP208', type 1
    [616] fnbamd_pop3_start-user1
    [989] __fnbamd_cfg_get_ldap_list_by_server-
    [995] __fnbamd_cfg_get_ldap_list_by_server-Loaded LDAP server 'LDAP208'
    [1150] fnbamd_cfg_get_ldap_list-Total ldap servers to try: 1
    [1717] fnbamd_ldap_init-search filter is: sAMAccountName=user1
    [1727] fnbamd_ldap_init-search base is: dc=fortibj,dc=com
    [1149] __fnbamd_ldap_dns_cb-Resolved LDAP208:192.168.91.208 to 192.168.91.208, cur stack size:1
    [924] __fnbamd_ldap_get_next_addr-
    [1154] __fnbamd_ldap_dns_cb-Connection starts LDAP208:192.168.91.208, addr 192.168.91.208
    [879] __fnbamd_ldap_start_conn-Still connecting 192.168.91.208.
    [633] create_auth_session-Total 1 server(s) to try
    [1107] __ldap_connect-tcps_connect(192.168.91.208) is established.
The LDAP administrator account bind succeeds.
    [985] __ldap_rxtx-state 3(Admin Binding)
    [363] __ldap_build_bind_req-Binding to 'CN=Administrator,CN=Users,DC=fortibj,DC=com'
    [1083] fnbamd_ldap_send-sending 69 bytes to 192.168.91.208
    [1096] fnbamd_ldap_send-Request is sent. ID 1
    [985] __ldap_rxtx-state 4(Admin Bind resp)
    [1127] __fnbamd_ldap_read-Read 8
    [1233] fnbamd_ldap_recv-Leftover 2
    [1127] __fnbamd_ldap_read-Read 14
    [1306] fnbamd_ldap_recv-Response len: 16, svr: 192.168.91.208
    [987] fnbamd_ldap_parse_response-Got one MESSAGE. ID:1, type:bind response-ret=0 // bind succeeded
    [1023] fnbamd_ldap_parse_response-ret=0
Look up the DN of user1.
    [1052] __ldap_rxtx-Change state to 'DN search'
    [985] __ldap_rxtx-state 11(DN search)
    [750] fnbamd_ldap_build_dn_search_req-base:'dc=fortibj,dc=com' filter:sAMAccountName=user1
    [1083] fnbamd_ldap_send-sending 73 bytes to 192.168.91.208
    [1096] fnbamd_ldap_send-Request is sent. ID 2
    [985] __ldap_rxtx-state 12(DN search resp)
    [1127] __fnbamd_ldap_read-Read 8
    [1233] fnbamd_ldap_recv-Leftover 2
    [1127] __fnbamd_ldap_read-Read 51
    [1306] fnbamd_ldap_recv-Response len: 53, svr: 192.168.91.208
    [987] fnbamd_ldap_parse_response-Got one MESSAGE. ID:2, type:search-entry
The search succeeds and returns the DN of user1: xiaoming,OU=TAC,DC=fortibj,DC=com.
    response-ret=0 // search succeeded; the DN of user1 is xiaoming,OU=TAC,DC=fortibj,DC=com
    [1023] fnbamd_ldap_parse_response-ret=0
    [1225] __fnbamd_ldap_dn_entry-Get DN 'CN=xiaoming,OU=TAC,DC=fortibj,DC=com'
    [1127] __fnbamd_ldap_read-Read 8
    [1233] fnbamd_ldap_recv-Leftover 2
    [1127] __fnbamd_ldap_read-Read 78
    [1306] fnbamd_ldap_recv-Response len: 80, svr: 192.168.91.208
    [987] fnbamd_ldap_parse_response-Got one MESSAGE. ID:2, type:search-reference
    [1023] fnbamd_ldap_parse_response-ret=0
    [1127] __fnbamd_ldap_read-Read 8
    [1233] fnbamd_ldap_recv-Leftover 2
    [1127] __fnbamd_ldap_read-Read 78
    [1306] fnbamd_ldap_recv-Response len: 80, svr: 192.168.91.208
    [987] fnbamd_ldap_parse_response-Got one MESSAGE. ID:2, type:search-reference
    [1023] fnbamd_ldap_parse_response-ret=0
    [1127] __fnbamd_ldap_read-Read 8
    [1233] fnbamd_ldap_recv-Leftover 2
    [1127] __fnbamd_ldap_read-Read 62
    [1306] fnbamd_ldap_recv-Response len: 64, svr: 192.168.91.208
    [987] fnbamd_ldap_parse_response-Got one MESSAGE. ID:2, type:search-reference
    [1023] fnbamd_ldap_parse_response-ret=0
    [1127] __fnbamd_ldap_read-Read 8
    [1233] fnbamd_ldap_recv-Leftover 2
    [1127] __fnbamd_ldap_read-Read 14
    [1306] fnbamd_ldap_recv-Response len: 16, svr: 192.168.91.208
    [987] fnbamd_ldap_parse_response-Got one MESSAGE. ID:2, type:search-result
    [1023] fnbamd_ldap_parse_response-ret=0
Bind request for user1.
    [1052] __ldap_rxtx-Change state to 'User Binding'
    [985] __ldap_rxtx-state 5(User Binding)
    [596] fnbamd_ldap_build_userbind_req-Trying DN 'CN=xiaoming,OU=TAC,DC=fortibj,DC=com'
    [363] __ldap_build_bind_req-Binding to 'CN=xiaoming,OU=TAC,DC=fortibj,DC=com'
    [1083] fnbamd_ldap_send-sending 88 bytes to 192.168.91.208
    [1096] fnbamd_ldap_send-Request is sent. ID 3
    [985] __ldap_rxtx-state 6(User Bind resp)
    [1127] __fnbamd_ldap_read-Read 8
    [1233] fnbamd_ldap_recv-Leftover 2
    [1127] __fnbamd_ldap_read-Read 102
    [1306] fnbamd_ldap_recv-Response len: 104, svr: 192.168.91.208
    [987] fnbamd_ldap_parse_response-Got one MESSAGE. ID:3, type:bind
The bind fails with response code 49 and response message 52e, which means the password is wrong.
    [1009] fnbamd_ldap_parse_response-Error 49(80090308: LdapErr: DSID-0C0903D3, comment: AcceptSecurityContext error, data 52e, v3839)
    [1023] fnbamd_ldap_parse_response-ret=49
    [262] fnbamd_ldap_more_dn_left-idx:0, total:1
    [1052] __ldap_rxtx-Change state to 'Done'
    [985] __ldap_rxtx-state 23(Done)
    [1083] fnbamd_ldap_send-sending 7 bytes to 192.168.91.208
    [1096] fnbamd_ldap_send-Request is sent. ID 4
    [785] __ldap_done-svr 'LDAP208'
    [755] __ldap_destroy-
    [724] __ldap_stop-Conn with 192.168.91.208 destroyed.
    [216] fnbamd_comm_send_result-Sending result 1 (nid 0) for req 730526741, len=2148
    [789] destroy_auth_session-delete session 730526741
    [755] __ldap_destroy-
    [1764] fnbamd_ldap_auth_ctx_free-Freeing 'LDAP208' ctx
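To read a failed trace like the one above quickly, the following Python (an added example, not part of the original page or of any Fortinet tool) reports which bind was in progress when error 49 was logged and decodes the AD "data" sub-code. Only 52e comes from this page; the other sub-codes are the standard Active Directory values, and the function and variable names are hypothetical.

```python
import re

# Active Directory sub-codes carried in the "data" field of LDAP result 49.
AD_DATA = {"525": "user not found", "52e": "wrong password",
           "530": "logon not permitted at this time",
           "531": "logon not permitted from this workstation",
           "532": "password expired", "533": "account disabled",
           "701": "account expired", "773": "password must be changed",
           "775": "account locked out"}

STATE = re.compile(r"__ldap_rxtx-state \d+\(([^)]+)\)")
BIND = re.compile(r"__ldap_build_bind_req-Binding to '([^']+)'")
ERROR = re.compile(r"parse_response-Error (\d+)\(.*?\bdata ([0-9a-f]+),", re.I)
RESULT = re.compile(r"fnbamd_comm_send_result-Sending result (\d+)")

def triage(trace: str) -> dict:
    """Report the state and DN that were active when fnbamd logged an LDAP error."""
    out = {"states": [], "dn": None, "error": None, "result": None}
    for line in trace.splitlines():
        if m := STATE.search(line):
            out["states"].append(m.group(1))
        elif m := BIND.search(line):
            out["dn"] = m.group(1)            # DN of the most recent bind request
        elif (m := ERROR.search(line)) and out["error"] is None:
            sub = m.group(2).lower()
            out["error"] = {"code": int(m.group(1)), "data": sub,
                            "stage": out["states"][-1] if out["states"] else None,
                            "dn": out["dn"],
                            "reason": AD_DATA.get(sub, "unlisted sub-code")}
        elif m := RESULT.search(line):
            out["result"] = int(m.group(1))
    return out

# Lines taken from the failed-authentication trace on this page (shortened).
FAILED_TRACE = """\
[985] __ldap_rxtx-state 3(Admin Binding)
[363] __ldap_build_bind_req-Binding to 'CN=Administrator,CN=Users,DC=fortibj,DC=com'
[985] __ldap_rxtx-state 4(Admin Bind resp)
[985] __ldap_rxtx-state 5(User Binding)
[363] __ldap_build_bind_req-Binding to 'CN=xiaoming,OU=TAC,DC=fortibj,DC=com'
[985] __ldap_rxtx-state 6(User Bind resp)
[1009] fnbamd_ldap_parse_response-Error 49(80090308: LdapErr: DSID-0C0903D3, comment: AcceptSecurityContext error, data 52e, v3839)
[985] __ldap_rxtx-state 23(Done)
[216] fnbamd_comm_send_result-Sending result 1 (nid 0) for req 730526741, len=2148
"""

if __name__ == "__main__":
    print(triage(FAILED_TRACE))
```

A stage of "Admin Bind resp" instead of "User Bind resp" points at the bind account configured on the LDAP server object rather than at the end user's password.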