User Identification - 4.1 LDAP - AD

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

User Identification - 4.1 LDAP - AD

L1 Bithead

Hi,

I have upgraded to 4.1 and added a ldap-server profile to the config so the firewall does the query instead of the user-id-agent.

When I go to group-mappings settings ( under user-identification ) and select the tab 'Group Include List',
I can see the whole AD-tree-structure, but I cannot view the last part: the group itself.

Has anybody seen this behavior ?

Kind regards,

Paul

1 accepted solution

Accepted Solutions

L0 Member

Yes i saw the same behaviour. Support said it was a bug. To add the groups required i used the search feature above the LDAP tree. That seemed to work even though i could browse for the groups.

Also keep in mind with the LDAP config the domain name i need to use the NETBIOS domain name not the full DNS name.

View solution in original post

3 REPLIES 3

L0 Member

Yes i saw the same behaviour. Support said it was a bug. To add the groups required i used the search feature above the LDAP tree. That seemed to work even though i could browse for the groups.

Also keep in mind with the LDAP config the domain name i need to use the NETBIOS domain name not the full DNS name.

Yes!

Apparantly it's working when you search for the EXACT name for the group.

but:

The normal listing works when you make your base "deep" enough in the ldap-server-profile.

so yes, I think it is a bug 🙂

Kind regards,

Paul

L3 Networker

I am seeing the exact same behaviour - I am typing in the group names exactly and I do get a match. Unfortunately when I go to the command line and do "show user group name <group name>" I can get all to work apart from Domain Users. This group just returns an empty list which has meant the rules previously based on that - namely web access, have failed. This has obviously upset a few people...

The group lookup issue is a dissapointing bug - surely a complete lack of testing on something quite important...

  • 1 accepted solution
  • 2967 Views
  • 3 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!