scerazy
Visitor III
April 24, 2019
Question

6.2 Active Directory Recursive Search Option vs 5.6 LDAP Nested Group settings

Do the new settings in 6.2 directly replace the LDAP Nested Group settings in 5.6?

 

Does the config get upgraded (on firmware upgrade), or does one need to remove the old settings & replace them with the new ones MANUALLY?

 

Seb


    xsilver_FTNT
    Staff
    April 25, 2019

    Hi Seb,

     

    as you might have tested yourself:

    - it is NOT a full replacement of the group filter, as the new option 'search-type recursive' will NOT return built-in user groups from AD
    - a firmware upgrade will NOT update and replace your custom group-filter with 'search-type recursive'; however, there is no need to panic, as your old group-filter will still work in 6.2. If you want to change, you'll need to do it manually.

    Retested on 6.0.4 and 6.2.0, and on a FortiGate VM upgraded via FortiGuard. Thanks for the hint, I'll start with the upgrade of the KB.

    scerazy
    Author
    Visitor III
    April 25, 2019

    Sorry, could you clarify? "will NOT return built-in user groups from AD" - you do mean literally AD built-in user groups?

     

    Which in itself is not an issue (I expect, for anybody), as none of these groups would be used for web filtering etc.

     

    But it does return all user custom-made groups, right?

     

    Seb

    xsilver_FTNT
    Staff
    April 25, 2019

    Hi Seb,

    yes, I mean none of the AD Builtin user groups, like 'Remote Desktop Users', is returned with search-type = recursive, while those are returned with the group-filter mentioned in the KB. I also do not think it's a big issue, as most deployments use custom groups to categorize users into access right groups, and all those, including nested groups, are returned OK.