This website uses cookies. By clicking OK, you consent to the use of cookies. Click Here to learn more about how we use cookies.
OK
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help
David_Herselman
Contributor
‎2018-09-12 01:49 PM

Recursive group membership not working for Office Mode

We defined an LDAP group referencing our AD:

Name: AD_vpn_access

Account Unit: ad.lair.co.za__AD

Group's scope: Only group in branch (DN prefix)

Prefix: CN=vpn_access,OU=Firewall,OU=Security Groups,OU=Syrex

We then link this through to the Mobile Access Office Mode settings:

Nested LDAP groups work perfectly for security policy firewall rules but VPN access is not granted unless members are direct members of the vpn_access AD security group.

Is this a bug, known limitation or is there a setting I should be changing somewhere?

0 Kudos
Reply
3 Replies
PhoneBoy
Admin
Admin
‎2018-09-12 03:40 PM

Operating as designed per the following sk: Mobile Access and Endpoint clients LDAP nested groups are not enforced correctly 

Reply
David_Herselman
Contributor
‎2018-09-13 03:21 AM
In response to PhoneBoy

Hi Dameon,

Would you possibly know where we can go to have this logged as a feature request? The internal components to recursively resolve nested LDAP group memberships is in the code base already...

0 Kudos
Reply
G_W_Albrecht
Champion
Champion
‎2018-09-13 03:58 AM
In response to David_Herselman

Here you go:http://www.checkpoint.com/rfe/rfe.htm Smiley Happy

0 Kudos
Reply