Modifying LDAP Locally Imported User group, policies are applied based on previous group membership

Description

When users are imported from LDAP, you can set group membership for those users locally. However, these new settings are not taken in consideration when applying the policies to the users.

Cause

SonicOS is always querying the LDAP server for group membership because that should be more up-to-date. So if the configuration of the local user is different from LDAP user, the policies will be applied based on LDAP User's group membership.

Resolution

If you want to set/modify group membership and users options locally, you should enable the option " User group memberships can be set locally by duplicating LDAP user names " available on Users | Settings | Configure LDAP | Users tab.

Enabling that option will allow you to modify LDAP users configuration locally instead of modifying the one on the LDAP server.

Related Articles

  • SSH password authentication fails after OpenSSH upgrade
    Read More
  • Where can I download SonicWall stencils?
    Read More
  • Configuring High Availability Monitoring settings
    Read More

Categories

Firewalls
SonicWall NSA Series
Firewalls
SonicWall SuperMassive 9000 Series
Firewalls
SonicWall SuperMassive E10000 Series
Firewalls
TZ Series
not finding your answers?
Ask the Community
Chat