How to Configure LDAP Settings and Group Mapping for Apple Open Directory
Created On 09/25/18 17:41 PM - Last Modified 06/07/23 10:15 AM
Resolution
Overview
This document describes how to configure the LDAP settings and Group Mapping for Apple Open Directory on a Palo Alto Networks device.
Steps
To connect to the Apple Open Directory:
- Navigate to Device > Server Profiles > LDAP
- Click 'Add' to bring up a new LDAP Server Profile dialog
- Select 'other' for Type
- For Bind DN, the default Apple Open Directory admin is uid=diradmin. The following image shows an example of a configured LDAP Server Profile for Apple Open Directory:
To configure Group Mapping:
- Go to Device > User Identification > Group Mapping Settings
- Click 'Add' to bring up a new Group Mapping dialog
- Select the configured Open Directory profile for Server Profile
- In the Group Objects section, enter 'apple-group' for the Object Class and 'memberUid' for the Group Member
- In the User Objects section, enter 'apple-user' for the Object Class and 'uid' for the User Name
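The following is an added example, not part of the original article and not PAN-OS code. It is a simplified model of the lookup these Group Mapping values describe: entries with object class apple-group are groups, their memberUid values are short user names (not DNs), and those names are matched against the uid of apple-user entries. The LDIF sample, the dc=example,dc=com names and the function names are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample in the shape of an LDIF export; all names are made up.
SAMPLE_LDIF = """\
dn: uid=alice,cn=users,dc=example,dc=com
objectClass: apple-user
uid: alice

dn: cn=netadmins,cn=groups,dc=example,dc=com
objectClass: posixGroup
objectClass: apple-group
memberUid: alice
memberUid: carol

dn: cn=legacy,cn=groups,dc=example,dc=com
objectClass: posixGroup
memberUid: alice
"""

def parse_ldif(text):
    """Parse plain LDIF (no base64 or folded lines) into {attr: [values]} dicts."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = defaultdict(list)
        for line in block.splitlines():
            if ": " in line and not line.startswith("#"):
                attr, value = line.split(": ", 1)
                entry[attr.lower()].append(value)
        entries.append(entry)
    return entries

def resolve_groups(entries, group_class="apple-group", member_attr="memberUid",
                   user_class="apple-user", name_attr="uid"):
    """Return (mapped, unmatched): group DN -> member names with / without a user object."""
    def has_class(entry, cls):
        return cls.lower() in (c.lower() for c in entry["objectclass"])
    users = {v for e in entries if has_class(e, user_class) for v in e[name_attr.lower()]}
    mapped, unmatched = {}, {}
    for e in entries:
        if has_class(e, group_class):
            members = e[member_attr.lower()]
            mapped[e["dn"][0]] = sorted(m for m in members if m in users)
            unmatched[e["dn"][0]] = sorted(m for m in members if m not in users)
    return mapped, unmatched

if __name__ == "__main__":
    print(resolve_groups(parse_ldif(SAMPLE_LDIF)))
```

In the sample, the legacy group is skipped because it lacks the apple-group object class, and carol is reported as unmatched because no apple-user entry carries that uid. Both are worth checking in a directory export before security policy depends on the mapped groups.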
owner: mbutt