06-03-2021 03:06 AM
We have a challenge such that, there are around 100 mapped user groups from AD and we need to add them in a single rule. Is there any way we could add those user groups to another single user group and use it in the rule?
06-03-2021 04:59 AM
You could create a custom group with which you can create a group based on an ldap filter. With this ldap filter you can create a filter with the member-of attribute to include your other groups and then use this one custom group in the security policy.
06-03-2021 05:08 AM
... or you create a group in active directory where you add these 100 groups to it and in the security policy rule you will then be able to use this active directory group.
06-03-2021 09:58 AM
This is what Remo was referring to, I think:
I would recommend staying away from embedding groups as I have seen this cause issues in the past with various products.
06-04-2021 04:59 AM
Thanks for the responses. Assume that we have a ldap group as CN=x,OU=Groups,OU=y,DC=abc,DC=com . In this case, can we filter out groups from OU level? I'm not clear about how to create the filter in that custom groups. I really appreciate if you could help me out here.
06-04-2021 08:27 AM
As far as I know, you cannot create an ldap filter that gets all groups in a specific OU. For such a query you need to use the base DN in an ldap server profile. So in this case I recommend to create a new ldap server profile (or copy the existing one) and specify the base DN exactly as you need it to get the groups you need.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!