User-ID Group Mappings Not Working When Located in an OU with Comma or Ampersand

Created On 09/26/18 13:55 PM - Last Modified 02/07/19 23:40 PM


Issue

Some group mappings do not work on the Palo Alto Networks firewall. The groups are in the include list, but they show no members when you run the show user group name <group name> command, or they do not appear in the output of the show user group list command. These groups will not function when used in any security policies.

When you browse to the group while setting up the include list, the group does not show up.

Or, when you filter on the group name, the group name is blank and the OU hierarchy is out of order.

Resolution

Rename the OU to remove any comma or ampersand characters. These characters are used as separators within the LDAP binding string and will cause problems.
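
To find the OUs that need renaming, the following added example (not from the original article or from Palo Alto Networks) parses group distinguished names, in which LDAP writes a literal comma as \, or \2C, and reports every OU name containing a comma or ampersand. The sample DNs and all function names are constructed for illustration.

```python
import re

PROBLEM_CHARS = {",", "&"}  # characters the article says break group mapping

def split_rdns(dn):
    """Split a DN on unescaped commas, keeping escape pairs intact."""
    parts, cur, i = [], [], 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            cur.append(dn[i:i + 2])  # backslash plus the character it escapes
            i += 2
        elif dn[i] == ",":
            parts.append("".join(cur))  # unescaped comma ends this RDN
            cur, i = [], i + 1
        else:
            cur.append(dn[i])
            i += 1
    parts.append("".join(cur))
    return [p.strip() for p in parts if p.strip()]

def unescape(value):
    """Decode \\XX hex pairs and \\<char> escapes (single-byte values only)."""
    def repl(m):
        g = m.group(1)
        return chr(int(g, 16)) if len(g) == 2 else g
    return re.sub(r"\\([0-9A-Fa-f]{2}|.)", repl, value)

def risky_ous(dn):
    """Return decoded OU names in dn that contain a comma or ampersand."""
    hits = []
    for rdn in split_rdns(dn):
        attr, _, value = rdn.partition("=")
        if attr.strip().upper() == "OU" and PROBLEM_CHARS & set(unescape(value)):
            hits.append(unescape(value))
    return hits

# Constructed sample group DNs, not taken from the article.
SAMPLE_DNS = [
    r"CN=VPN-Users,OU=Sales\, Marketing,DC=example,DC=com",
    r"CN=Admins,OU=R&D,OU=Engineering,DC=example,DC=com",
    r"CN=Helpdesk,OU=Support\2C Tier1,DC=example,DC=com",
    r"CN=Finance,OU=Accounting,DC=example,DC=com",
]

def report(dns):
    return {dn: risky_ous(dn) for dn in dns if risky_ous(dn)}

if __name__ == "__main__":
    for dn, ous in report(SAMPLE_DNS).items():
        print(f"{dn}\n  OU(s) to rename: {ous}")
```

Only OU components are flagged; a comma in the group's own CN is ignored because the article attributes the failure to the OU name.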

owner: jteetsel


