LDAP Query
Yes, we verified it OK on 5.6.1 release.
Did this get resolved? Can someone post a solution? Thanks!
LDAP works OK on FAZ5.2.1 and 5.0.10.
hz
hzhao_FTNT wrote: LDAP works OK on FAZ5.2.1 and 5.0.10.
Yes, it works on FAZ 5.2.1! Thanks! However, the feature still needs to be documented better (IMHO) and it still has a bug.
The bug: A packet sniff showed me that the LDAP group query truncated my group name at the first blank. When my report filter included "Group equal to ABC-XY-Information Technology", my report was empty and the LDAP packet showed only "ABC-XY-Information"; "Technology" had been truncated. However, it worked when I renamed the group in my directory replacing the blank with a hyphen, and then filtering on "Group equal to ABC-XY-Information-Technology".
The documentation: I had to use Change Case = Upper because user names are upper case in my Fortinet logs. And here is what worked in my LDAP configuration (Windows Active Directory environment).
cnid : cn
dn : the distinguished name of either the root (dc=xyz,dc=com) or the OU where the reporting groups are (ou=mygroups,dc=xyz,dc=com)
group : (null) worked for me; I didn't experiment with values.
filter : I couldn't unset filter, but both of the following worked for me.
    (|(objectclass=person)(objectclass=user))
    (&(objectcategory=group)(member=*))
    And seeing that these filter completely different objects, I must conclude that this filter setting isn't used for report queries.
attributes : member worked for me. I was unable to unset it. I had mixed results when I tried setting it to other values.
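The two filter values quoted in the post above select different kinds of directory objects. The following is an added example, not part of the original thread and not Fortinet code: a small Python evaluator for the filter subset involved, run over constructed, simplified sample entries (the DNs, attribute values and the helper names `parse`, `matches` and `select` are assumptions).

```python
# Added example: evaluates the LDAP filter subset used in the post
# (&, |, equality, presence "attr=*") over constructed sample entries.

def parse(f, i=0):
    """Parse the filter starting at f[i]; return (node, index after it)."""
    if f[i] != "(":
        raise ValueError(f"expected '(' at offset {i}")
    i += 1
    if f[i] in "&|":
        op, i, kids = f[i], i + 1, []
        while f[i] == "(":
            kid, i = parse(f, i)
            kids.append(kid)
        if f[i] != ")":
            raise ValueError(f"expected ')' at offset {i}")
        return (op, kids), i + 1
    end = f.index(")", i)
    attr, _, value = f[i:end].partition("=")
    return ("=", attr.strip().lower(), value), end + 1

def matches(node, entry):
    """True if the entry satisfies the parsed filter node."""
    if node[0] == "&":
        return all(matches(k, entry) for k in node[1])
    if node[0] == "|":
        return any(matches(k, entry) for k in node[1])
    _, attr, value = node
    values = [v.lower() for v in entry.get(attr, [])]
    return bool(values) if value == "*" else value.lower() in values

# Constructed, simplified AD-style entries (assumed names, not from the thread).
USER = "CN=JDOE,OU=staff,DC=xyz,DC=com"
GROUP = "CN=ABC-XY-Information-Technology,OU=mygroups,DC=xyz,DC=com"
ENTRIES = {
    USER: {"objectclass": ["top", "person", "user"], "objectcategory": ["person"]},
    GROUP: {"objectclass": ["top", "group"], "objectcategory": ["group"], "member": [USER]},
}

def select(filter_text):
    """Return the sorted DNs of the sample entries the filter matches."""
    node, end = parse(filter_text)
    if end != len(filter_text):
        raise ValueError("trailing characters after filter")
    return sorted(dn for dn, e in ENTRIES.items() if matches(node, e))

if __name__ == "__main__":
    for flt in ("(|(objectclass=person)(objectclass=user))",
                "(&(objectcategory=group)(member=*))"):
        print(flt, "->", select(flt))
```

On these sample entries the first filter returns only the user object and the second only the populated group, so the two result sets do not overlap.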
Hi Xinger,
Thanks for your detailed testing. For "Group equal to ABC-XY-Information Technology", could you try:
Group equal to "ABC-XY-Information Technology"
By design, when there is a space, we have to use double quotation marks in the filter.
Regards,
hz