LDAP connectivity is lost after adding a new LDAP server or editing the IP address of an existing one.
Created On 08/27/21 14:29 PM - Last Modified 08/31/21 17:15 PM
Symptom
After adding a new LDAP server, or editing the IP address of an existing one, under the LDAP Server Profile, the user-IP mapping is lost and connectivity to the LDAP server is down.
Environment
PAN-OS: All PAN-OS versions with LDAP Server Profile configured.
Cause
The current configuration has an LDAP server configured under the LDAP Server Profile.
When a new LDAP server is added to the profile's Server List, the LDAP Server Profile binding password is automatically deleted.
The same behavior occurs when the IP address of an existing server in the list is changed.
Resolution
- Configure the Server List first with all of your LDAP servers, and only then add the binding service account information.
- If you need to edit the Server List later, make sure you have the binding service account password available before making the change.
- Make the required changes and then re-enter the binding password.
- Commit your changes.
Additional Information
After the change is saved, a configuration log entry is generated in which the deletion of the binding password can be confirmed.
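Because the password is dropped silently, it is useful to have an offline check that runs against an exported PAN-OS configuration and flags every LDAP server profile that lists servers but no longer carries a bind password. The script below is an added example, not part of this article or of any Palo Alto Networks tooling. The XML layout it walks (a server-profile/ldap/entry node with server/entry/address, bind-dn and bind-password children) and the sample configuration it parses are assumptions modelled on PAN-OS configuration exports; adjust the paths if your export differs.

```python
"""Offline check for PAN-OS LDAP server profiles whose bind password is missing.

Parses an exported PAN-OS configuration (XML) and reports every LDAP server
profile that lists one or more servers but has no bind-password element,
which is the state this article describes after a server is added or its IP
address is edited.  The XML layout used here is an assumption modelled on
PAN-OS configuration exports; it is not taken from the article.
"""
import xml.etree.ElementTree as ET

# Constructed sample: a trimmed PAN-OS-style config with two LDAP profiles.
# "corp-ldap" still has its bind password; "branch-ldap" lost it after a
# second server was added (the situation the article describes).
SAMPLE_CONFIG = """<config version="10.1.0">
  <shared>
    <server-profile>
      <ldap>
        <entry name="corp-ldap">
          <server>
            <entry name="dc01"><address>192.0.2.10</address></entry>
          </server>
          <ldap-type>active-directory</ldap-type>
          <bind-dn>CN=svc-ldap,OU=Service,DC=example,DC=com</bind-dn>
          <bind-password>-AQ==constructed-encrypted-blob==</bind-password>
        </entry>
        <entry name="branch-ldap">
          <server>
            <entry name="dc01"><address>192.0.2.10</address></entry>
            <entry name="dc02"><address>192.0.2.11</address></entry>
          </server>
          <ldap-type>active-directory</ldap-type>
          <bind-dn>CN=svc-ldap,OU=Service,DC=example,DC=com</bind-dn>
        </entry>
      </ldap>
    </server-profile>
  </shared>
</config>
"""


def ldap_profiles_missing_bind_password(config_xml: str) -> dict:
    """Return {profile_name: [server addresses]} for profiles lacking a bind password.

    A profile is reported when it has at least one server entry, a bind-dn,
    and either no <bind-password> element or an empty one.  Profiles with no
    bind-dn (anonymous bind) are skipped because no password is expected there.
    The search uses './/server-profile/ldap/entry' so that both shared and
    vsys-scoped profiles are covered (assumed layout).
    """
    root = ET.fromstring(config_xml)
    findings = {}
    for profile in root.iterfind(".//server-profile/ldap/entry"):
        name = profile.get("name", "<unnamed>")
        servers = [
            (s.findtext("address") or "").strip()
            for s in profile.iterfind("./server/entry")
        ]
        if not servers:
            continue
        bind_dn = (profile.findtext("bind-dn") or "").strip()
        if not bind_dn:
            continue  # anonymous bind: there is no password to lose
        password = (profile.findtext("bind-password") or "").strip()
        if not password:
            findings[name] = servers
    return findings


if __name__ == "__main__":
    for name, servers in ldap_profiles_missing_bind_password(SAMPLE_CONFIG).items():
        print(f"LDAP profile '{name}' lists servers {servers} but has no bind "
              "password; re-enter the service account password and commit.")
```

Run it against a saved configuration export (replace `SAMPLE_CONFIG` with the file contents) before committing, or after the configuration log shows a change to an LDAP server profile, to catch a cleared bind password before users lose their group mapping.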