Somashekara_Hanumant
Staff & Editor
January 9, 2025

Technical Tip: Remote wildcard admin user with same LDAP group with different administrator profile

Description

This article describes the warning message 'Another wildcard administrator with the same remote group exists' that appears when creating wildcard admin accounts.

Scope

FortiGate, LDAP.

Solution

Configure the LDAP server below:

config user ldap
    edit "ldap"
        set server "10.108.3.15"
        set cnid "sAMAccountName"
        set dn "dc=dxb-nse8,dc=lab"
        set type regular
        set username "cn=administrator,cn=users,dc=dxb-nse8,dc=lab"
        set password *
    next
end

[Screenshot: ldap_gui.JPG]

Configure LDAP groups:

[Screenshots: user_group.JPG, nse8_grp.JPG]

config user group
    edit "ldap_userss"
        set member "ldap"
        config match
            edit 1
                set server-name "ldap"
                set group-name "CN=Salesgrp,OU=Sales,DC=dxb-nse8,DC=lab"
            next
        end
    next
    edit "nse8grp"
        set member "ldap"
        config match
            edit 1
                set server-name "ldap"
                set group-name "CN=nse8grp,CN=Users,DC=dxb-nse8,DC=lab"
            next
        end
    next
end

Configure a wildcard admin account with the super_admin profile:

[Screenshot: Wild_card.JPG]

Try to configure another wildcard admin account for the same user group with a different admin profile; the warning message 'Another wildcard administrator with the same remote group exists' appears and the account is not created.

[Screenshot: new_wildcard.JPG]

Then try to configure another wildcard admin account with a different user group and a different admin profile; this account can be created without the warning, because a remote group may be referenced by only one wildcard admin.

[Screenshot: different-Grp.JPG]

Wildcard admin configuration from the CLI:

config system admin
    edit "test.admind"
        set remote-auth enable
        set accprofile "super_admin"
        set vdom "root"
        set wildcard enable
        set remote-group "ldap_userss"
    next
    edit "testadd"
        set remote-auth enable
        set accprofile "prof_admin"
        set vdom "root"
        set wildcard enable
        set remote-group "nse8grp"
    next
end
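As an added example (not part of the article and not a Fortinet tool), the following Python script parses a `config system admin` block and reports any remote group that is referenced by more than one wildcard admin, which is the condition that triggers the warning above. It is useful as a pre-check before pushing a config built outside the GUI. The sample configuration is constructed: it contains the article's two admins plus a hypothetical third admin, `dup_admin`, that reuses the `ldap_userss` group with a different profile.

```python
import re
from collections import defaultdict

# Constructed sample config (not captured from a device): the article's two
# wildcard admins plus a hypothetical "dup_admin" that collides with "test.admind".
SAMPLE_CONFIG = """\
config system admin
    edit "test.admind"
        set remote-auth enable
        set accprofile "super_admin"
        set vdom "root"
        set wildcard enable
        set remote-group "ldap_userss"
    next
    edit "testadd"
        set remote-auth enable
        set accprofile "prof_admin"
        set vdom "root"
        set wildcard enable
        set remote-group "nse8grp"
    next
    edit "dup_admin"
        set remote-auth enable
        set accprofile "prof_admin"
        set vdom "root"
        set wildcard enable
        set remote-group "ldap_userss"
    next
end
"""

# 'edit "name"' opens an admin entry; 'set key value' assigns one attribute.
EDIT_RE = re.compile(r'^\s*edit\s+"?([^"\s]+)"?\s*$')
SET_RE = re.compile(r'^\s*set\s+(\S+)\s+(.*?)\s*$')


def parse_system_admin(text):
    """Parse a 'config system admin' block into {admin_name: {attribute: value}}."""
    admins = {}
    current = None
    for line in text.splitlines():
        m = EDIT_RE.match(line)
        if m:
            current = m.group(1)
            admins[current] = {}
            continue
        if current is None:
            continue
        m = SET_RE.match(line)
        if m:
            admins[current][m.group(1)] = m.group(2).strip('"')
        elif line.strip() == "next":
            current = None
    return admins


def wildcard_group_conflicts(admins):
    """Return {remote_group: [admin names]} for every remote group that is used
    by more than one wildcard admin. FortiGate rejects such a configuration
    because a remote user matched through that group could not be tied to a
    single access profile."""
    by_group = defaultdict(list)
    for name, attrs in admins.items():
        if attrs.get("wildcard") == "enable" and attrs.get("remote-auth") == "enable":
            group = attrs.get("remote-group")
            if group:
                by_group[group].append(name)
    return {g: names for g, names in by_group.items() if len(names) > 1}


if __name__ == "__main__":
    conflicts = wildcard_group_conflicts(parse_system_admin(SAMPLE_CONFIG))
    for group, names in conflicts.items():
        print(f"remote-group {group!r} is used by wildcard admins: {', '.join(names)}")
```

Run against the sample, the script flags `ldap_userss` as shared by `test.admind` and `dup_admin`, while `nse8grp` (used by a single wildcard admin) is not reported. Feed it the output of `show system admin` from your own unit to check a config before applying it.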