User-ID LDAP syntax in rule

L1 Bithead

User-ID LDAP syntax in rule

In the group mapping UserID template, we use LDAP syntax (CN=...., OU=...), but in rules, I have always seen Source User expressed  in lanman syntax, Domain\User or ...\Group.  Is it possible to use the LDAP syntax in the rule as well, and is there and advantage either way?

Tags (2)
Cyber Elite



I have not seen LDAP syntax, used in Policies, so I do not believe that functionality is readily configurable and available on the FWs.

I think the solution support domain\group or domain\user, so if this is what the vendor wants to support as their format, I see no problems.


Been instructor and PS for 7 years, and the lanman format is good for me.

Help the community: Like helpful comments and mark solutions
L1 Bithead

Either one works for me, although it seems like if the query can be done via LDAP syntax it would be more efficient and precise.  I did notice that the rule will accept LDAP syntax, but have not tested it beyond a commit validation.

More of an academic q: really.  Thank you.

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!