How to Work with User-ID and OpenLDAP Dynamic Groups

Created On 09/25/18 19:25 PM - Last Modified 02/07/19 23:58 PM


Resolution

As of PAN-OS 5.0.x, the User-ID module can read only LDAP groups, not attributes, but some scenarios require the firewall to interact with an attribute. With OpenLDAP, there is an interesting workaround: dynamic groups built on those attributes. This tech note discusses the use case and shows how to configure both the OpenLDAP server and the Palo Alto Networks firewall so that the two integrate.

owner: jdiaz


