![]() config user ldapġ) Group-filter option is not automatically changed to recursive search-type during upgrade process, because group-filter might be more customized than the above mentioned simple example.Ģ) Group-filter option used in FortiOS 5.6-6.0 is still valid in FortiOS 6.2 and works as before, so there is no changes needed manually.ģ) Once search-type is set, group-filter option will be hidden and disabled! So use either simple search-type or complex group filter.Ĥ) Another point of view is CPU load on DC, as group-filter is passed to LDAP in query and all the group processing is done by DC, which might be CPU intensive if the filter is not specific enough. It brings similar results as older 'nested' option, but in contrast to group-filter the results do not contain AD Builtin (CN=Builtin,DC=YourDomain.) user groups. ![]() ![]() Since FortiOS 6.2.0, there is ' search-type recursive' in user LDAP config and this option is still in CLI only. On FortiOS 5.6 and 6.0 the ' search-type nested' option was replaced with more flexible group-filter setting in LDAP user configuration. Note: The option 'nested' is replaced with 'recursive' However, in FortiOS 6.2, ' search-type recursive' is available. In FortiOS 5.6 and 6.0, ' search-type nested' was replaced with ' extended group-filter'. On the previous versions of FortiOS, ' set search-type nested' option was available, in which on FortiOS 5.6 and 6.0 are not available. In order to authenticate user via LDAP while the user is not a direct member of the group, but member of nested group, set FortiGate in the way it will be able to check for nested groups inside LDAP.īy default, any nested group check support is disabled. This article describes how to modify the LDAP Nested group settings.
0 Comments
Leave a Reply. |