Bug found in 5.0.10: I have solved this case. We are a Norwegian company, with a Scandinavian character in our name (ø), and this has been used for the OU containing most of our users, computers and groups. To see if this could be an issue, I created a new group and moved it to "OU=Users,DC=domain,DC=local", and added it to the group mapping, along with the existing groups which were already present, and located under a OU with ø in it's name. From CLI, doing "show user group-mapping state "Default groups", the new group was the only one shown, and number of groups was shown as 1, despite over ten groups being added to the group mapping. Then, doing "show user group name ?", showed the lowercase ø being written as "ø", so all attempts to look up items located under this OU failed. Issue would also occur if the user group name contained the character. I assume this also goes for other non-English characters, and it did work in all versions prior to 5.0.10 that I have run. Now I only hope that someone from Palo Alto Networks actually sees this, and that it will be fixed in an upcoming version.
... View more