topic Re: FreeIPA LDAP group mapping in General Topics https://live.paloaltonetworks.com/t5/general-topics/freeipa-ldap-group-mapping/m-p/298546#M78219 <P>Hello <a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/40858">@blachance</a>,</P><P>&nbsp;</P><P>We are trying to connect our Palo Alto to our FreeIPA for the userID part.</P><P>I wanted to know what settings you have configured at the LDAP level, Authentication Profile and User Identification/Group Mapping Settings?</P><P>&nbsp;</P><P>Thank you for your help!</P> Thu, 14 Nov 2019 14:25:11 GMT nfernandes 2019-11-14T14:25:11Z FreeIPA LDAP group mapping https://live.paloaltonetworks.com/t5/general-topics/freeipa-ldap-group-mapping/m-p/189234#M57312 <P>UPDATED:</P><P>The LDAP package FreeIPA uses , 389-ds-base, had some security vulunerabilities and has been updated. This update has caused the PA to fail checking users within groups. Here's is the latest configuration that works with 389-ds-base (1.3.8.4-15.el7.x86_64)Ive tried&nbsp;many parameters trying to connect to FreeIPA for LDAP group mapping and finally found the right config, here it is. The 'x' values in the User Attributes are required, the value itself does not matter just as long as the attribute itself is being used</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="FreeIPACapture1 (1).GIF" style="width: 800px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/18562i10A8754A23B1DE2C/image-size/large/is-moderation-mode/true?v=v2&amp;px=999" role="button" title="FreeIPACapture1 (1).GIF" alt="FreeIPACapture1 (1).GIF" /></span><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="FreeIPACapture2 (1).GIF" style="width: 800px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/18563i2A5A5D9E07924825/image-size/large/is-moderation-mode/true?v=v2&amp;px=999" role="button" title="FreeIPACapture2 (1).GIF" alt="FreeIPACapture2 (1).GIF" /></span></P><P>&nbsp;</P><P>&nbsp;</P> Fri, 01 Feb 2019 16:16:36 GMT https://live.paloaltonetworks.com/t5/general-topics/freeipa-ldap-group-mapping/m-p/189234#M57312 blachance 2019-02-01T16:16:36Z Re: FreeIPA LDAP group mapping https://live.paloaltonetworks.com/t5/general-topics/freeipa-ldap-group-mapping/m-p/298546#M78219 <P>Hello <a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/40858">@blachance</a>,</P><P>&nbsp;</P><P>We are trying to connect our Palo Alto to our FreeIPA for the userID part.</P><P>I wanted to know what settings you have configured at the LDAP level, Authentication Profile and User Identification/Group Mapping Settings?</P><P>&nbsp;</P><P>Thank you for your help!</P> Thu, 14 Nov 2019 14:25:11 GMT https://live.paloaltonetworks.com/t5/general-topics/freeipa-ldap-group-mapping/m-p/298546#M78219 nfernandes 2019-11-14T14:25:11Z