https://live.paloaltonetworks.com/t5/general-topics/ldap-authentication/m-p/40633#M29837 <HTML><HEAD></HEAD><BODY><P>Hello</P><P></P><P>Here is my configuration on LDAP </P><P></P><P>*Group Objects</P><P>Search Filter:</P><P>Object Class: posixGroup</P><P>Group Name: cn</P><P>Group Member: memberUid</P><P></P><P>*User Objects</P><P>Search Filter:</P><P>Object Class: person</P><P>User Name: uid</P><P></P><P></P><P>hope this help</P><P></P><P>Jerick</P></BODY></HTML> Fri, 22 Mar 2013 06:17:35 GMT jerick 2013-03-22T06:17:35Z https://live.paloaltonetworks.com/t5/general-topics/ldap-authentication/m-p/40629#M29833 <HTML><HEAD></HEAD><BODY><P>Hello all,</P><P></P><P>I'm running on a PA5050 and I'm wondering how I specify what groups I want to have specific access to the WebUI using LDAP authentication. Also, is there a way to setup automatic account creation for new accounts that login using LDAP or do I still need to manually add everyone?</P><P></P><P>Thanks in advance.</P></BODY></HTML> Mon, 18 Mar 2013 19:55:04 GMT https://live.paloaltonetworks.com/t5/general-topics/ldap-authentication/m-p/40629#M29833 grkchr 2013-03-18T19:55:04Z https://live.paloaltonetworks.com/t5/general-topics/ldap-authentication/m-p/40630#M29834 <HTML><HEAD></HEAD><BODY><P>When using LDAP authentication you must specify each administrator manually and specify the authentication profile for LDAP on a per-user basis.&nbsp; Within the LDAP authentication profile you can specify an allow list based on group, but since you have to create each admin individually providing the group filter may be redundant.</P></BODY></HTML> Mon, 18 Mar 2013 20:09:02 GMT https://live.paloaltonetworks.com/t5/general-topics/ldap-authentication/m-p/40630#M29834 kfindlen 2013-03-18T20:09:02Z https://live.paloaltonetworks.com/t5/general-topics/ldap-authentication/m-p/40631#M29835 <HTML><HEAD></HEAD><BODY><P>Thanks. This is what I was looking for.</P></BODY></HTML> Mon, 18 Mar 2013 20:25:59 GMT https://live.paloaltonetworks.com/t5/general-topics/ldap-authentication/m-p/40631#M29835 grkchr 2013-03-18T20:25:59Z https://live.paloaltonetworks.com/t5/general-topics/ldap-authentication/m-p/40632#M29836 <HTML><HEAD></HEAD><BODY><P>Hello,</P><P></P><P>Just another side note, you can use Radius authentication with VSAs if you want to avoid creating users on the firewall. The VSAs can pull the username and the admin role automatically.</P><P></P><P>You can view this document for more details and to get help setting it up:</P><P></P><P><A __default_attr="1765" __jive_macro_name="document" class="jive_macro jive_macro_document" href="https://live.paloaltonetworks.com/"></A></P><P></P><P>Thanks,</P><P></P><P>Aditi</P></BODY></HTML> Thu, 21 Mar 2013 05:48:23 GMT https://live.paloaltonetworks.com/t5/general-topics/ldap-authentication/m-p/40632#M29836 apasupulati 2013-03-21T05:48:23Z https://live.paloaltonetworks.com/t5/general-topics/ldap-authentication/m-p/40633#M29837 <HTML><HEAD></HEAD><BODY><P>Hello</P><P></P><P>Here is my configuration on LDAP </P><P></P><P>*Group Objects</P><P>Search Filter:</P><P>Object Class: posixGroup</P><P>Group Name: cn</P><P>Group Member: memberUid</P><P></P><P>*User Objects</P><P>Search Filter:</P><P>Object Class: person</P><P>User Name: uid</P><P></P><P></P><P>hope this help</P><P></P><P>Jerick</P></BODY></HTML> Fri, 22 Mar 2013 06:17:35 GMT https://live.paloaltonetworks.com/t5/general-topics/ldap-authentication/m-p/40633#M29837 jerick 2013-03-22T06:17:35Z