https://live.paloaltonetworks.com/t5/general-topics/ldap-authentication-questions/m-p/16322#M11901 <HTML><HEAD></HEAD><BODY><P>Sorry, I didn't understand.</P><P></P><P>Are you saying that if I have OpenLDAP to authenticate users in my company I don't need User-ID Agent/API to build security policy user based?</P><P>How can I get User-IP mapping in this situation?</P><P></P><P>Thanks</P></BODY></HTML> Wed, 02 Feb 2011 06:41:31 GMT migration 2011-02-02T06:41:31Z https://live.paloaltonetworks.com/t5/general-topics/ldap-authentication-questions/m-p/16320#M11899 <HTML><HEAD></HEAD><BODY><P>Hi everyone,</P><P></P><P>when I configure LDAP for authentication,<BR />then I'm getting the groups in the distinguished name (dn) format.<BR />I can choose them in policies and in the authentication profile.</P><P></P><P>Now my questions,<BR />is the pan-agent then needed for policy authentication, too? Please explain why!<BR />when I add a group in the dn format to the allow list<BR />of an authentication profile, then it seems to be not matching when I'm trying to authenticate,<BR />I have to add the users espacilly, is this right, or is the ldap connection not working correct?</P><P></P><P>Regards<BR />Christian</P></BODY></HTML> Thu, 02 Dec 2010 11:39:11 GMT https://live.paloaltonetworks.com/t5/general-topics/ldap-authentication-questions/m-p/16320#M11899 indevis 2010-12-02T11:39:11Z https://live.paloaltonetworks.com/t5/general-topics/ldap-authentication-questions/m-p/16321#M11900 <HTML><HEAD></HEAD><BODY><P>you do not need to have pan agent to authenicate using ldap. it would seem like your ldap configuration is incorrect. please create a case and upload the tech support file for review of your ldap configuration.</P></BODY></HTML> Thu, 02 Dec 2010 16:27:27 GMT https://live.paloaltonetworks.com/t5/general-topics/ldap-authentication-questions/m-p/16321#M11900 jnguyen 2010-12-02T16:27:27Z https://live.paloaltonetworks.com/t5/general-topics/ldap-authentication-questions/m-p/16322#M11901 <HTML><HEAD></HEAD><BODY><P>Sorry, I didn't understand.</P><P></P><P>Are you saying that if I have OpenLDAP to authenticate users in my company I don't need User-ID Agent/API to build security policy user based?</P><P>How can I get User-IP mapping in this situation?</P><P></P><P>Thanks</P></BODY></HTML> Wed, 02 Feb 2011 06:41:31 GMT https://live.paloaltonetworks.com/t5/general-topics/ldap-authentication-questions/m-p/16322#M11901 migration 2011-02-02T06:41:31Z https://live.paloaltonetworks.com/t5/general-topics/ldap-authentication-questions/m-p/16323#M11902 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>yes you can authenticate users for SSL-VPN, Captive Portal!</P><P>Then you have to authenticate active with your user credentials.</P><P>And then you can use the LDAP groups in you policies.</P><P></P><P>But if you want transparently authenticate the users,</P><P>then you are right you need the agent for the user-ip-mapping.</P><P></P><P>That is what I get, when I was testing.</P><P></P><P>Hope that helps.</P><P></P><P>Regards</P><P>Christian</P></BODY></HTML> Wed, 02 Feb 2011 07:35:26 GMT https://live.paloaltonetworks.com/t5/general-topics/ldap-authentication-questions/m-p/16323#M11902 indevis 2011-02-02T07:35:26Z https://live.paloaltonetworks.com/t5/general-topics/ldap-authentication-questions/m-p/16324#M11903 <HTML><HEAD></HEAD><BODY><P>Thank you so much!</P></BODY></HTML> Wed, 02 Feb 2011 09:00:27 GMT https://live.paloaltonetworks.com/t5/general-topics/ldap-authentication-questions/m-p/16324#M11903 migration 2011-02-02T09:00:27Z