Login Attributes for LDAP Authentication

Login Attributes for LDAP Authentication

0
Created On 09/26/18 13:47 PM - Last Modified 04/20/20 23:45 PM


Resolution


Details

The following attributes for LDAP authentication can be used:

  • Login= sAMAccountName
  • Firstname = givenName
  • Lastname  = sN
  • Email = mail

 

Under Authentication Profile, the above attributes are entered for the "Login Attribute" value:

 

 

Example

On Active Directory:

  • logon name: paloalto
  • Email: palo.alto@pan.com
  • First name: palo
  • Last name: alto

 

The ip-user-mappings (captive portal login) will show the following:

  • For attribute "sAMAccountName"
    192.168.163.100 vsys1 CP      pan\paloalto
  • For attribute "mail"
    192.168.163.100 vsys1 CP      pan\palo.alto
  • For attribute "givenName"
    192.168.163.100 vsys1 CP      pan\palo
  • For attribute "sN"
    192.168.163.100 vsys1 CP      pan\alto

Note: The same information will appear under Monitor > Logs > Traffic > Source User.

 

owner: rsingh
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClogCAC&lang=en_US&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail