ldap groups not working

Showing results for 
Search instead for 
Did you mean: 

ldap groups not working

L2 Linker


for some reason we ( and many other customers ) are still experiencing issues regarding the use of ldap groups in an authenticatin profile for example SSL VPN.

We have microsoft AD as LDAP server and we went through every step in the well known following document ( eDirectory and LDAP authentication in PANOS 3 1 3.pdf)

When we specify a single LDAP user in our authentication profile , we are able to authenticate with that user , but members of LDAP groups are not working as it should be.

I made a pdf document with printscreens of our configuration ( pdf document attached ). As you can see in the document , the PA is able to read the members of the group.

Please anyone who has good advice for us ( and many other customers ) to make this work ?

thanks alot !

Securelink support !


L6 Presenter

It looks like you are using the 4.0 BETA software. Is this correct?

Are you utilizing the SSL VPN client or the Global Protect client?


L0 Member

From what I understand you need to make sure that you LDAP attibutes are in the correct case (I could be wrong)

In your "ldap_test_profile" the login attribute i think should be "sAMAccountName" and not "samaccountname" as displayed.

Hope this helps

Cyber Elite
Cyber Elite

in this case the domain needed to be removed from the ldap config since the domain only needs to be filled in when a panagent is also present

Tom Piens
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!