Group names showing full LDAP name

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Group names showing full LDAP name

L3 Networker

Prior to upgrading to v4.1, when adding an AD group to a policy, the group name used to show up as the shortened name "domain\groupname".  While those policies still work post upgrading, whenever I now add a group name to a policy, the group shows up as "cn:groupname,ou:users,dc=domain,dc=local".  While functional, not as cosmetic.

Is it a config/setting issue on my end where I can get the old style group names to appear or is this the new format moving forward?   For what its worth, when adding users it still shows up as "domain\user".

See the attached screen shot for an example.

1 REPLY 1

Retired Member
Not applicable

With PAN-OS 4.0 we had separate PAN-agent for AD and User-ID agent for LDAP. PAN-OS 4.1 combines both into a single unified client. With 4.1 the agent will still provide IP-user mapping. But group info will now come directly from LDAP. This is why you see group info in the format you are seeing. As I understand it, this will be the format going forward.

Regards

-Richard

  • 2588 Views
  • 1 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!