LDAP Profile vs User-ID

Created On 09/25/18 19:38 PM - Last Modified 06/07/23 20:39 PM


Resolution


LDAP Profile

LDAP profiles can be used as an "Authentication Database" in order to allow access to the firewall or resources using LDAP credentials.

LDAP profiles can also be used in conjunction with the "Group Mappings Settings" option in order to provide Group Mappings for LDAP-based user groups.

Note that configuring only an LDAP profile and Group Mapping settings does not cause source user information to be displayed in the logs. User-ID must be configured to accomplish this.

 

User-ID

User-ID is used solely to provide user-to-IP mapping information for the purpose of applying policies based on LDAP user account information.

The User-ID software agent can be installed on a system to provide this functionality.

Agentless User-ID can be configured on the firewall in the following location: Device > User Identification > User Mappings.

User-ID configuration will provide source user information in the logs.

 

owner: jperry


