07-14-2022 10:24 AM
Hi
Does anyone know if there is a way to remove the domain name from the group mapping?
The reason is that I get the user ID test1 or "test2" or "test3" on the Palo Alto from an external source.
The goal is to create a policy rule based on the source user that is part of a domain group.
In my case the LDAP group mapping gets this information:
show user group name emea.com\test
short name: emea.com\test
source type: ldap
source: test
[1 ] emea.com\test1
[2 ] emea.com\test2
[3 ] emea.com\test3
This is good, but I only need the name from the group mapping:
"test1" or "test2" or "test3"
and not
emea.com\test1
emea.com\test2
emea.com\test3
I spent hours on this and there is no way to understand or find the reason why Palo Alto gets "domain name + name" from the LDAP group mapping.
Thanks
07-15-2022 03:16 AM
Hi @alvaroarcaz ,
If I am not wrong, group mapping will always add the domain, because it needs to cover cases where you have multiple domains or even a domain forest.
So in my humble opinion you should try to append the domain to the user-ip-mapping so it can match the group mapping.
Can you share a bit more information on how you receive the user-ip-mapping? How is it configured currently?
07-18-2022 03:11 AM
08-08-2022 03:27 AM
Hi @alvaroarcaz ,
I know there is a way to override the domain for Group Mapping, but I am not sure if there is a way to remove it completely.
As I mentioned, for me it sounds reasonable to have it, as you may work in a multi-domain environment.
The solution for you is to add the desired domain to the user-ip-mapping from the User-ID agent that is processing the Pulse Secure logs. In the settings of the User-ID agent that is parsing the Pulse Secure syslog messages, go to User Identification -> Discovery -> Servers -> Edit your Pulse Secure entry and add the domain the same way as you see it in the group mapping.
08-09-2022 03:46 AM
12-07-2023 08:01 AM
As @aleksandar.astardzhiev stated above, you can add in whatever domain you want. Below, I'm using a syslog filter to capture the username via syslog, no domain added.
I update the syslog sender config to include a domain (mydomain).
I trigger another syslog message, and the domain I specified is added.
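A small offline check for the mismatch discussed in this thread, added here as an example and not posted by any participant: it parses `show user group name` output in the format from the original question and reports which incoming usernames match a group member only once the domain is prepended. The function names, the `guest` user and the incoming username list are constructed for illustration, and the script uses exact string comparison.

```python
import re

# Constructed sample: CLI output in the format shown in the original question.
GROUP_OUTPUT = r"""
short name: emea.com\test
source type: ldap
source: test
[1 ] emea.com\test1
[2 ] emea.com\test2
[3 ] emea.com\test3
"""

# Member lines look like "[1 ] emea.com\test1".
MEMBER_RE = re.compile(r"^\[\s*\d+\s*\]\s+(\S+)\s*$", re.MULTILINE)

def parse_members(cli_output):
    """Return the set of group members listed in the CLI output."""
    return set(MEMBER_RE.findall(cli_output))

def qualify(username, default_domain):
    """Prepend default_domain to a bare username; leave domain\\user untouched."""
    if "\\" in username:
        return username
    return f"{default_domain}\\{username}"

def check_mappings(usernames, members, default_domain):
    """Classify each mapped username against the group member list."""
    report = {}
    for name in usernames:
        if name in members:
            report[name] = "matches"
        elif qualify(name, default_domain) in members:
            report[name] = "matches only with domain"
        else:
            report[name] = "not in group"
    return report

if __name__ == "__main__":
    members = parse_members(GROUP_OUTPUT)
    # Constructed usernames, as an external source might send them.
    incoming = ["test1", r"emea.com\test2", "guest"]
    for user, status in check_mappings(incoming, members, "emea.com").items():
        print(f"{user:20} {status}")
```

Any user reported as "matches only with domain" is one whose mapping needs the domain added at the sender, as described in the replies above.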