This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help
David_Herselman
Collaborator
‎2018-09-12 01:49 PM

Recursive group membership not working for Office Mode

We defined an LDAP group referencing our AD:

Name: AD_vpn_access

Account Unit: ad.lair.co.za__AD

Group's scope: Only group in branch (DN prefix)

Prefix: CN=vpn_access,OU=Firewall,OU=Security Groups,OU=Syrex

We then link this through to the Mobile Access Office Mode settings:

Nested LDAP groups work perfectly for security policy firewall rules but VPN access is not granted unless members are direct members of the vpn_access AD security group.

Is this a bug, known limitation or is there a setting I should be changing somewhere?

0 Kudos
3 Replies
PhoneBoy
Admin
Admin
‎2018-09-12 03:40 PM

Operating as designed per the following sk: Mobile Access and Endpoint clients LDAP nested groups are not enforced correctly 

David_Herselman
Collaborator
‎2018-09-13 03:21 AM
In response to PhoneBoy

Hi Dameon,

Would you possibly know where we can go to have this logged as a feature request? The internal components to recursively resolve nested LDAP group memberships is in the code base already...

0 Kudos
G_W_Albrecht
Legend
Legend
‎2018-09-13 03:58 AM
In response to David_Herselman

Here you go:http://www.checkpoint.com/rfe/rfe.htm Smiley Happy

CCSE CCTE SMB Specialist
0 Kudos