LDAP does not work if management interface IP address cannot reach Windows AD

L2 Linker

LDAP does not work if management interface IP address cannot reach Windows AD

Configuration is as below:

1. Management interface with IP 192.168.1.2 (non-PA device as gateway)

2. Windows AD with IP 172.16.1.2 (PA device layer 3 interface as gateway)

3. Subnets 192.168.1.0/24 and 172.16.1.0/24 cannot reach each other

With a correct LDAP config (LDAP IP, port, Base DN, etc.), go to "Device > User Identification > Group Mapping Settings > Group Include List". When expanding the AD Users and Computers list, it always shows "failed to connect to the AD server".

After I change the management interface IP to the same subnet as the Windows AD, or set a route to allow communication between the two subnets, the problem is gone.

Is this a product restriction, or did I miss something?

L7 Applicator

Re: LDAP does not work if management interface IP address cannot reach Windows AD

By default, the LDAP service is on the management interface. Go to Device > Setup > Services and change the default to an interface that can route to your AD network.
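To make the two fixes in this thread concrete, here is an added toy model of PAN-OS service-route selection (not PAN-OS code and not from either poster): by default LDAP is sourced from the management interface, whose routing context has no path to 172.16.1.0/24, and either a custom service route or a route between the two subnets makes the AD server reachable. The data-plane interface name ethernet1/1 and its address 172.16.1.1/24 are assumptions.

```python
# Toy model of PAN-OS service-route selection for this thread's LDAP case (names/IPs constructed).
import ipaddress
from dataclasses import dataclass, field

AD_SERVER = "172.16.1.2"   # Windows AD address from the thread

@dataclass
class Interface:
    name: str
    address: str                                       # own IP/prefix, e.g. "192.168.1.2/24"
    static_routes: list = field(default_factory=list)  # extra prefixes this context can reach

    def reaches(self, dst: str) -> bool:
        """True if dst is on the connected subnet or covered by a route in this context."""
        ip = ipaddress.ip_address(dst)
        prefixes = [ipaddress.ip_interface(self.address).network]
        prefixes += [ipaddress.ip_network(p) for p in self.static_routes]
        return any(ip in p for p in prefixes)

@dataclass
class Firewall:
    interfaces: dict                                    # name -> Interface
    service_routes: dict = field(default_factory=dict)  # service -> source interface name

    def egress_for(self, service: str) -> Interface:
        # PAN-OS default: every service, LDAP included, sources from the management interface
        return self.interfaces[self.service_routes.get(service, "management")]

    def service_reaches(self, service: str, server_ip: str) -> bool:
        return self.egress_for(service).reaches(server_ip)

def build_firewall() -> Firewall:
    """Topology from the thread: mgmt on 192.168.1.0/24, AD behind a layer-3 data interface."""
    return Firewall(interfaces={
        "management": Interface("management", "192.168.1.2/24"),
        "ethernet1/1": Interface("ethernet1/1", "172.16.1.1/24"),  # assumed L3 interface address
    })

def scenario_default() -> bool:          # as posted: group mapping fails to connect
    return build_firewall().service_reaches("ldap", AD_SERVER)

def scenario_service_route() -> bool:    # the fix above: Device > Setup > Services, service route for LDAP
    fw = build_firewall()
    fw.service_routes["ldap"] = "ethernet1/1"
    return fw.service_reaches("ldap", AD_SERVER)

def scenario_mgmt_route() -> bool:       # poster's other workaround: a route between the two subnets
    fw = build_firewall()
    fw.interfaces["management"].static_routes.append("172.16.1.0/24")
    return fw.service_reaches("ldap", AD_SERVER)
```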

L2 Linker

Re: LDAP does not work if management interface IP address cannot reach Windows AD

Thanks MickBall. Customizing the service route configuration solved the problem.
