Google LDAP Auth for Global Protect

Has anyone been able to use the Google LDAP service for authentication for GlobalProtect users? I haven't been able to get the firewall to successfully connect to the Google LDAP service. Google suggests cert-based authentication to the service and provides a cert, but the firewall rejects the import with the following error:

"Import of google-ldap failed. Only self signed CA certificates can have identical subject and issuer fields."

I have also attempted a test via the CLI and get the following:

admin@fw01> test authentication authentication-profile gsuite-ldap username xyz password
Enter password : 

Target vsys is not specified, user "xyz" is assumed to be configured with a shared auth profile.

Do allow list check before sending out authentication request...
name "xyz" is in group "all"

Authentication to LDAP server at ldap.google.com for user "xyz"
Egress: 10.12.29.8
Type of authentication: GSSAPI
Starting LDAPS connection...
Failed to create a session with LDAP server
Authentication failed against LDAP server at ldap.google.com:636 for user "xyz"


Authentication failed for user "xyz"

Any help would be much appreciated!
