Solved! Go to Solution.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Yes, we verified it OK on 5.6.1 release.
hzhao_FTNT wrote:could you try: Group equal to "ABC-XY-Information Technology"
By design, when there is a space, we have to use double quotation in filter.
I hadn't thought to do that, so I've tried it now. However I'm unable to type double quotation within that field. I can type all other "special characters", but not the double quotation mark. I can't even paste a double quotation into the field. Weird. I've tried with both Chrome and IE11.
You are right, I can not input double quotation either. I will check with dev team to see if it is a bug or new design.
Thanks,
hz
Confirmed from GUI team. It is a new feature that we do not allow user to input double quotation. When user input space, double quotation will be added automatically. We do have issue for query group name contains space, it will return (false) in back end. I will open a bug for it.
Thanks,
hz
I want to create a FortiAnalyzer report where user belongs to a particular group or organizational unit.
LDAP Query option in report filter is still working for this purpose in 5.6.1 ?
Yes, we verified it OK on 5.6.1 release.
Thanks.
There's a step by step guide to get it working?
I tried using GUI and CLI as mentioned in this thread but filter don't work.
I can't filter reports based on LDAP OU.
Hi there, if you followed steps in above threads but ldap filter still doesn't work, please open a support ticket in FortiCare.
Regards,
hz
Hello,
I have a request from the customer to search for the users in LDAP and create a report according to the group membership which is exatly what is described above.
My problem is that we have KERBEROS authentication when the username in the logs looks like this: username@DOMAIN.COM
Probably that is the problem as the LDAP query returns the results such as: CN=user,OU=test,DC=domain,DC=com
The CN is returned as a result but not the UPN (userPrincipalName) - the UPN should help maybe?
Is there a solution to get it work with KERBEROS authenticated users?
AtiT
Hi AtiT,
I don't have environment for LDAP with KERBEROS, maybe you can modify your ldap server setting on FAZ with UPN and give it a try:
config sys admin ldap
ed <ldap-server>
set cnid userPrincipalName
set attributes member,userPrincipalName
end
Thank you for your reply, unfortunatelly it does not work.
AtiT
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1662 | |
1077 | |
752 | |
446 | |
220 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.