LDAP does not work if the management interface IP address cannot reach Windows AD


L3 Networker

The configuration is as below:

1. Management interface with IP 192.168.1.2 (non-PA device as gateway)

2. Windows AD with IP 172.16.1.2 (PA device layer3 interface as gateway)

3. Subnets 192.168.1.0/24 and 172.16.1.0/24 cannot reach each other

With the correct LDAP config (LDAP IP, Port, Base DN, etc.), go to "Device > User Identification > Group Mapping Settings > Group Include List". When I expand the AD Users and Computers list, it always shows that it failed to connect to the AD server.

After I change the management interface IP to the same subnet as the Windows AD or set a route to allow communication between the 2 subnets, the problem is gone.

Is this a product restriction or did I miss something?


Accepted Solutions

L7 Applicator

By default, the LDAP service is on the management interface. Go to Device > Setup > Services and change the default to an interface that can route to your AD network.


Thanks MickBall. Customizing the service route configuration solved the problem.
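The symptom in this thread comes down to which source address the LDAP connection leaves from. The following is an added example, not part of the original thread or any vendor tooling: a probe for a multi-homed test host that attempts the TCP connection to the directory server from each candidate source address and reports why it fails. The function names, port 389, and the address 172.16.1.1 are assumptions; the other two addresses are the ones given in the question.

```python
import errno
import socket

LDAP_PORT = 389  # assumption: default LDAP port; the post does not name the port


def probe(source_ip, server_ip, port=LDAP_PORT, timeout=3.0):
    """Open a TCP connection to server_ip:port sourced from source_ip.

    Returns a verdict string so the failure mode is visible.
    """
    try:
        with socket.create_connection((server_ip, port), timeout=timeout,
                                      source_address=(source_ip, 0)):
            return "ok"
    except socket.timeout:
        return "timeout"      # no reply, e.g. no route between the two subnets
    except ConnectionRefusedError:
        return "refused"      # host reachable, nothing listening on the port
    except OSError as exc:
        if exc.errno == errno.EADDRNOTAVAIL:
            return "source-not-local"  # address is not configured on this host
        if exc.errno in (errno.ENETUNREACH, errno.EHOSTUNREACH):
            return "no-route"
        return "error"


def usable_sources(candidates, server_ip, port=LDAP_PORT, timeout=3.0):
    """Return (verdicts, usable) for every candidate source address."""
    verdicts = {src: probe(src, server_ip, port, timeout) for src in candidates}
    usable = [src for src, verdict in verdicts.items() if verdict == "ok"]
    return verdicts, usable


if __name__ == "__main__":
    ad_server = "172.16.1.2"      # Windows AD address from the post
    candidates = [
        "192.168.1.2",            # management interface address from the post
        "172.16.1.1",             # assumed address in the AD subnet
    ]
    verdicts, usable = usable_sources(candidates, ad_server)
    for src, verdict in verdicts.items():
        print(f"{src} -> {ad_server}:{LDAP_PORT}  {verdict}")
    print("usable source addresses:", usable or "none")
```

A "timeout" or "no-route" verdict for one source and "ok" for another is the pattern described in the question: the server is fine, but the connection is sourced from an interface that cannot reach it.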
