Configuring group mapping
If you are able to identify users on your network, you are also able to create security rules to allow or limit their access to certain resources. Role-Based Access Control (RBAC) can easily be enforced by binding LDAP groups to security policies, granting members of a certain organization within your company exclusive and reliable access to the resources they need wherever they go.
To get started, we need to create an LDAP profile so we can fetch group information. Go to Device | Server Profiles | LDAP and create a new profile. You will need one LDAP profile per domain in a multidomain or forest configuration.
There needs to be at least one server, but there can be up to four for redundancy. Don't forget to change the port (389
by default) if you're going to use TLS encryption:
- Add at least one server by IP or FQDN and set the appropriate port (
389 unencrypted, 636 for TLS
). - Set the type to
active-directory
unless you have a different...