Hoping you can help, is it possible for the User-ID_LDAP Agent to communicate and get IP Mapping from a Lotus Domino directory server ?
I believe the answer is no based on this info found ina KPoint posting.
PANOS 3.1 and above.
While you can use any LDAP server for SSL VPN, Captive Portal or Admin access, the User-ID agent is supported by eDirectory. eDirectory modifies an attribute that most LDAP schemas do not contain; networkAddress. The PAN decrypts this field which is stored as a combination of IP address and a 1,3, or 9 to indicate whether the connection is TCP, UDP or whether a TCP port is included. The User-ID agent converts this to an IP address. Additionally, the Timestamp attribute is modified to query only changed entries. Only eDirectory 8.8 is supported because the LDAP Page Control specs are utilized, which are not supported in earlier versions of eDirectory.
Well, I'll go the opposite way and say it might be possible, but it will be tricky. Tricky meaning manual labor ;-)
The LDAP-agent has the UID XML-api that can be used to push user-ip mappings in to the PAN-device. As I said, it is an API, so it does involve some development on your end to poll data from your Domino server and feed the API. I suggest you look in to it, just might be doable :smileyhappy:
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!