LDAP connectivity is lost after adding a new LDAP server or editing the IP address of an existing one.


Created On 08/27/21 14:29 PM - Last Modified 08/31/21 17:15 PM


Symptom


After adding a new LDAP server or editing the IP address of an existing one under the LDAP Server Profile, the user-IP mapping is lost and connectivity to the LDAP server is down.

Environment


PAN-OS: All PAN-OS versions with an LDAP Server Profile configured.

Cause


The current configuration has an LDAP server configured under the LDAP Server Profile:

[Screenshot: LDAP Server Profile with only one server configured]

If a new LDAP server is added, the LDAP Server Profile bind password is automatically deleted:

[Screenshot: LDAP bind password deleted]

The same behavior occurs if the IP address of an existing server is changed:

[Screenshot: LDAP Server IP changed]


Resolution


  1. Configure the Server List first with all of your LDAP servers, and only then add the binding service account information.
  2. If you need to edit the Server List, make sure you have the binding service account password saved beforehand, because it will be cleared by the edit:
  3. Make the required changes and re-enter the password.
  4. Commit your changes.
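The following is an added example and not part of the original article or any Palo Alto Networks tool. It shows a pre-commit check an administrator can run against an exported candidate configuration to catch exactly the situation described above: an LDAP server profile whose Server List was edited and whose bind password was silently dropped. The XML element names (`shared/server-profile/ldap`, `server`, `bind-dn`, `bind-password`) and the sample configuration fragment are assumptions constructed for this example, modelled on the general shape of an exported PAN-OS configuration; adjust the paths to match your own export.

```python
import xml.etree.ElementTree as ET

# Constructed sample of a candidate configuration fragment (assumed element names,
# not taken from the article). "corp-ldap" is complete; "lab-ldap" has a bind DN
# but its bind password is missing, which is the state the article warns about.
SAMPLE_CONFIG = """<config>
  <shared>
    <server-profile>
      <ldap>
        <entry name="corp-ldap">
          <server>
            <entry name="dc1"><address>10.0.0.11</address><port>389</port></entry>
            <entry name="dc2"><address>10.0.0.12</address><port>389</port></entry>
          </server>
          <bind-dn>cn=svc-ldap,ou=service,dc=example,dc=com</bind-dn>
          <bind-password>placeholder-encrypted-value</bind-password>
        </entry>
        <entry name="lab-ldap">
          <server>
            <entry name="lab-dc"><address>10.0.1.11</address><port>389</port></entry>
          </server>
          <bind-dn>cn=svc-lab,dc=lab,dc=example,dc=com</bind-dn>
        </entry>
      </ldap>
    </server-profile>
  </shared>
</config>
"""

# Simulates the candidate config after the Server List of "corp-ldap" was edited:
# the bind password element is gone, mirroring the behaviour the article describes.
SAMPLE_AFTER = SAMPLE_CONFIG.replace(
    "<bind-password>placeholder-encrypted-value</bind-password>", ""
)


def _ldap_profiles(config_xml: str):
    """Yield every LDAP server profile <entry> element in the config."""
    root = ET.fromstring(config_xml)
    return root.findall("./shared/server-profile/ldap/entry")


def check_ldap_profiles(config_xml: str) -> dict:
    """Return {profile_name: [findings]} for each LDAP server profile.

    A profile is flagged when its Server List is empty, a server has no address,
    or a bind DN is configured without a bind password (the dropped-password case).
    """
    findings = {}
    for prof in _ldap_profiles(config_xml):
        issues = []
        servers = prof.findall("./server/entry")
        if not servers:
            issues.append("no servers in Server List")
        for srv in servers:
            if not (srv.findtext("address") or "").strip():
                issues.append(f"server '{srv.get('name')}' has no address")
        has_bind_dn = bool((prof.findtext("bind-dn") or "").strip())
        has_password = bool((prof.findtext("bind-password") or "").strip())
        if has_bind_dn and not has_password:
            issues.append("bind DN set but bind password missing; re-enter it before commit")
        findings[prof.get("name")] = issues
    return findings


def password_dropped(before_xml: str, after_xml: str) -> list:
    """Names of profiles that had a bind password before an edit but lack one after it."""
    def with_password(xml):
        return {p.get("name") for p in _ldap_profiles(xml)
                if (p.findtext("bind-password") or "").strip()}
    return sorted(with_password(before_xml) - with_password(after_xml))


if __name__ == "__main__":
    for name, issues in check_ldap_profiles(SAMPLE_AFTER).items():
        print(name, "->", issues or "OK")
    print("password dropped by edit:", password_dropped(SAMPLE_CONFIG, SAMPLE_AFTER))
```

Run `check_ldap_profiles` against the candidate configuration before committing, and `password_dropped` against the running and candidate configurations after any Server List edit; a non-empty result means the password must be re-entered (step 3 above) before the commit, otherwise LDAP binds and user-IP mapping will fail as soon as the change goes live.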


Additional Information


A configuration log is generated after the change is saved, in which you can verify that the password was deleted.
