show user group list - Shows custom group only

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

show user group list - Shows custom group only

Cyber Elite
Cyber Elite

Under group mappings of LDAP i have so many AD groups.

 

But when i run below command 

 

show user group list


Total: 1
1* : Custom Group

 

IT does not show me any group names from AD?

what is the reason for that?

 

Also what is difference between Custom group and AD groups in LDAP?

MP

Help the community: Like helpful comments and mark solutions.
30 REPLIES 30

L7 Applicator

do you have the correct setting in device/user identification/group mapping settings/server profile/group objects/object class

 

this needs to set to group. if set to user it will not show in cli

 

gid.png

 

AD groups are all users with the group attribute of "member"

 

custom groups are defined from an attribute of your choice, in affect...   a custom group...

I have same settings as you have shown

MP

Help the community: Like helpful comments and mark solutions.

and are your groups listed in "included groups" as below

 

uid2.png

yes i have as you mentioned.

MP

Help the community: Like helpful comments and mark solutions.

try...

 

show user group-mapping state all

 

 

can you see a line with "proxy state"

 

if you can then go to user-id agents and remove "use as ldap proxy"

no i do not see line with proxy state

MP

Help the community: Like helpful comments and mark solutions.

are you running multi VSYS?

Not running multivsys

MP

Help the community: Like helpful comments and mark solutions.

show user group-mapping statistics

 

 

how many groups are numbered here?

 

 

 

do you use policies based on group mappings and do they work?

also can you post a screen shot of the group include section.

 

 

show user group-mapping statistics

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Name Vsys Groups Last-Action(secs) Next-Action(secs)
---------------------------------------------------------------------------
Group_Mapping_1 vsys1 11 2587 secs ago(took 0 secs) In 1013 secs
Group_Mapping_2 vsys1 8 2590 secs ago(took 0 secs) In 1010 secs

 

 

yes i use group mapping in policies and  they work

MP

Help the community: Like helpful comments and mark solutions.

Added

MP

Help the community: Like helpful comments and mark solutions.

in your screen shot i cannot see the OU for any of the groups.

 

could you find one of the groups in the available list and make sure it has no special characters in the OU.  as below.

 

if my OU was called developer&objects it would not show in CLI.

 

uid3.png 

and i may have mentioned this before but just check your user ID agent settings and make sure none of them have a tick in "use as LDAP proxy".

  • 8970 Views
  • 30 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!