MAG2600 ssl vpn - cannot use role mapping based on domain users group

New Contributor

I want to create a default role for all domain users to be able to log in to the SSL VPN website. When I use role mapping based on Domain Users membership it doesn't work; when I try to do it on the Domain Admins group for testing it works fine.
I also tried to create a new group and added Domain Users to this group; it still doesn't work. I added my username to the new group for testing and it works fine.

The only problem is with the Domain Users group; the LDAP works fine.

Thank you for the help.
Moderator

Re: MAG2600 ssl vpn - cannot use role mapping based on domain users group

Yes, the domain users group cannot be used for group membership lookup with LDAP.
In order to do that, you need to use attribute-based mapping rules and add the attribute principalGroupID to the LDAP catalog. Once you have that in place, the rule is (historically) principalGroupID = 513

Please see https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB2527 for more information on when this needs to be used
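
An added illustration, not part of the thread and not Pulse Secure code: why a membership rule misses Domain Users while an attribute rule matches. It assumes Active Directory's usual behaviour, where the primary group is stored as a RID in the user's primaryGroupID attribute (513 for Domain Users) and is not listed in memberOf; the directory entry, DNs and SID are constructed sample data and the rule functions are hypothetical.

```python
import struct

def sid_to_str(raw: bytes) -> str:
    """Decode a binary objectSid into its S-1-5-21-... string form."""
    revision, count = raw[0], raw[1]
    authority = int.from_bytes(raw[2:8], "big")
    subs = struct.unpack("<%dI" % count, raw[8:8 + 4 * count])
    return "-".join(["S", str(revision), str(authority), *map(str, subs)])

def primary_group_sid(entry: dict) -> str:
    """Primary group SID = the user's domain SID with the RID replaced by primaryGroupID."""
    domain_sid = sid_to_str(entry["objectSid"]).rsplit("-", 1)[0]
    return f"{domain_sid}-{entry['primaryGroupID']}"

def group_rule(entry: dict, group_dn: str) -> bool:
    """Hypothetical membership rule: only sees groups listed in memberOf."""
    wanted = group_dn.lower()
    return any(dn.lower() == wanted for dn in entry.get("memberOf", []))

def attribute_rule(entry: dict, name: str, value) -> bool:
    """Hypothetical attribute rule: compares one user attribute to a value."""
    return str(entry.get(name)) == str(value)

# Constructed sample entry (assumed domain example.test, user RID 1104).
DOMAIN_USERS_DN = "CN=Domain Users,CN=Users,DC=example,DC=test"
USER = {
    "sAMAccountName": "jdoe",
    "objectSid": bytes([1, 5]) + (5).to_bytes(6, "big")
    + struct.pack("<5I", 21, 1111111111, 2222222222, 3333333333, 1104),
    "primaryGroupID": 513,  # RID of Domain Users
    # The primary group does not appear here, so a membership lookup misses it.
    "memberOf": ["CN=VPN-Test,OU=Groups,DC=example,DC=test"],
}

if __name__ == "__main__":
    print("membership rule :", group_rule(USER, DOMAIN_USERS_DN))
    print("attribute rule  :", attribute_rule(USER, "primaryGroupID", 513))
    print("primary group   :", primary_group_sid(USER))
```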