Re: FP Realm not downloading AD users and groups

sturgill · ‎08-01-2019

I am trying to set up an AD realm. The directory test passes and I think I have the realm config correct, but when I try to user download, the job completes but finds no users or groups. I have the base and group DN set for the top of the tree (a very small tree), but I have tried pointing either to a specific OU that contains users or groups. I have my directory using port 389 (and as I've said, the test there works). Any ideas? Thanks.

BasavarajNingappa6558 · ‎08-01-2019

Hi,

Can you tell us what error are you getting ?

can you paste the screen shot of the base dn settings

Thanks

Basavaraj

sturgill · ‎08-02-2019

I attached a screenshot. There's really no error. It completes, says LDAP download successful, 0 groups, 0 users downloaded.

sturgill · ‎08-02-2019

Both base and group dn = dc=CyberSEC,cd=VINU. This is basically the top of the tree. It is how I do my other FirePower device, just a different tree/domain, but I use the top of the tree there also (for both).

Marvin Rhoads · ‎08-02-2019

My working configuration in the lab looks like this:

Basically both the Base and Group distinguished names (DNs) are structured with Domain Components (DCs) as follows:

dc=<first field of your fully-qualified AD domain name>, dc= <second field>, etc. up to the top level domain.

sturgill · ‎08-05-2019

I got it!!! I'm being blonde. It was a typo. I had dc=cybersec,cd=vinu. Duh. Thanks for working with me.

Marvin Rhoads · ‎08-05-2019

I had noticed that and thought it was just a typo of how you put it into the forum. :)