cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Who Me Too'd this topic

Google LDAP Auth for Global Protect

L0 Member

Has anyone been able to use the Google LDAP service for authentication for GlobalProtect users?  I haven't been able to get the firewall to successfully connect to the Google LDAP service.  Google suggests cert based authentication to the service and provides a cert but the firewall rejects the import with the following error 

 

"Import of google-ldap failed. Only self signed CA certificates can have identical subject and issuer fields."

 

I have also attempted a test via the cli and get the following.

 

admin@fw01> test authentication authentication-profile gsuite-ldap username xyz password
Enter password : 

Target vsys is not specified, user "xyz" is assumed to be configured with a shared auth profile.

Do allow list check before sending out authentication request...
name "xyz" is in group "all"

Authentication to LDAP server at ldap.google.com for user "xyz"
Egress: 10.12.29.8
Type of authentication: GSSAPI
Starting LDAPS connection...
Failed to create a session with LDAP server
Authentication failed against LDAP server at ldap.google.com:636 for user "xyz"


Authentication failed for user "xyz"

 

Any help would be much appreciated!

Who Me Too'd this topic