02-12-2021 08:18 PM
Has anyone been able to use the Google LDAP service for authentication for GlobalProtect users? I haven't been able to get the firewall to successfully connect to the Google LDAP service. Google suggests cert-based authentication to the service and provides a cert, but the firewall rejects the import with the following error:
"Import of google-ldap failed. Only self signed CA certificates can have identical subject and issuer fields."
I have also attempted a test via the CLI and get the following:
admin@fw01> test authentication authentication-profile gsuite-ldap username xyz password
Enter password :
Target vsys is not specified, user "xyz" is assumed to be configured with a shared auth profile.
Do allow list check before sending out authentication request...
name "xyz" is in group "all"
Authentication to LDAP server at ldap.google.com for user "xyz"
Egress: 10.12.29.8
Type of authentication: GSSAPI
Starting LDAPS connection...
Failed to create a session with LDAP server
Authentication failed against LDAP server at ldap.google.com:636 for user "xyz"
Authentication failed for user "xyz"
Any help would be much appreciated!