This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

show user group list - Shows custom group only

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

show user group list - Shows custom group only

MP18
Cyber Elite
Cyber Elite

‎04-02-2019 09:00 PM

Under group mappings of LDAP i have so many AD groups.

 

But when i run below command 

 

show user group list


Total: 1
1* : Custom Group

 

IT does not show me any group names from AD?

what is the reason for that?

 

Also what is difference between Custom group and AD groups in LDAP?

MP

Help the community: Like helpful comments and mark solutions.
0 Likes Likes
30 REPLIES 30

Mick_Ball
L7 Applicator

‎04-03-2019 06:15 AM

do you have the correct setting in device/user identification/group mapping settings/server profile/group objects/object class

 

this needs to set to group. if set to user it will not show in cli

 

gid.png

 

AD groups are all users with the group attribute of "member"

 

custom groups are defined from an attribute of your choice, in affect...   a custom group...

0 Likes Likes

MP18
Cyber Elite
Cyber Elite
In response to Mick_Ball

‎04-03-2019 06:54 AM

I have same settings as you have shown

MP

Help the community: Like helpful comments and mark solutions.
0 Likes Likes

Mick_Ball
L7 Applicator
In response to MP18

‎04-03-2019 07:10 AM

and are your groups listed in "included groups" as below

 

uid2.png

0 Likes Likes

MP18
Cyber Elite
Cyber Elite
In response to Mick_Ball

‎04-03-2019 07:12 AM

yes i have as you mentioned.

MP

Help the community: Like helpful comments and mark solutions.
0 Likes Likes

Mick_Ball
L7 Applicator
In response to MP18

‎04-03-2019 07:29 AM

try...

 

show user group-mapping state all

 

 

can you see a line with "proxy state"

 

if you can then go to user-id agents and remove "use as ldap proxy"

0 Likes Likes

MP18
Cyber Elite
Cyber Elite
In response to Mick_Ball

‎04-03-2019 08:06 AM

no i do not see line with proxy state

MP

Help the community: Like helpful comments and mark solutions.
0 Likes Likes

Mick_Ball
L7 Applicator
In response to MP18

‎04-03-2019 08:10 AM

are you running multi VSYS?

0 Likes Likes

MP18
Cyber Elite
Cyber Elite
In response to Mick_Ball

‎04-03-2019 08:16 AM

Not running multivsys

MP

Help the community: Like helpful comments and mark solutions.
0 Likes Likes

Mick_Ball
L7 Applicator
In response to MP18

‎04-03-2019 08:24 AM - edited ‎04-03-2019 08:33 AM

show user group-mapping statistics

 

 

how many groups are numbered here?

 

 

 

do you use policies based on group mappings and do they work?

0 Likes Likes

Mick_Ball
L7 Applicator
In response to Mick_Ball

‎04-03-2019 08:29 AM - edited ‎04-03-2019 08:35 AM

also can you post a screen shot of the group include section.

 

 

0 Likes Likes

MP18
Cyber Elite
Cyber Elite
In response to Mick_Ball

‎04-03-2019 08:48 AM

show user group-mapping statistics

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Name Vsys Groups Last-Action(secs) Next-Action(secs)
---------------------------------------------------------------------------
Group_Mapping_1 vsys1 11 2587 secs ago(took 0 secs) In 1013 secs
Group_Mapping_2 vsys1 8 2590 secs ago(took 0 secs) In 1010 secs

 

 

yes i use group mapping in policies and  they work

MP

Help the community: Like helpful comments and mark solutions.
0 Likes Likes

MP18
Cyber Elite
Cyber Elite
In response to Mick_Ball

‎04-03-2019 08:54 AM

Added

MP

Help the community: Like helpful comments and mark solutions.
0 Likes Likes

Mick_Ball
L7 Applicator
In response to MP18

‎04-03-2019 09:23 AM

in your screen shot i cannot see the OU for any of the groups.

 

could you find one of the groups in the available list and make sure it has no special characters in the OU.  as below.

 

if my OU was called developer&objects it would not show in CLI.

 

uid3.png 

0 Likes Likes

Mick_Ball
L7 Applicator
In response to MP18

‎04-03-2019 09:24 AM

and i may have mentioned this before but just check your user ID agent settings and make sure none of them have a tick in "use as LDAP proxy".

0 Likes Likes
  • 8975 Views
  • 30 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks