How to Work with User-ID and OpenLDAP Dynamic Groups

How to Work with User-ID and OpenLDAP Dynamic Groups

15464
Created On 09/25/18 19:25 PM - Last Modified 06/01/23 03:36 AM


Resolution


As of PAN-OS 5.0.x, the User-ID module can read only LDAP groups and not attributes, but there are scenarios that require the firewall to interact with some attribute. With OpenLDAP, there's an interesting workaround based upon the utilization of dynamic groups, built upon these attributes. This tech note discusses the use case and shows how to configure both the OpenLDAP server and the Palo Alto Networks firewall in order to integrate both.

 

owner: jdiaz



Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClYPCA0&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language