5.4.1 - Unable to LDAP filter for memberOf a group
I believe this was an issue with older versions of FortiOS previously. When going to Authentication -> User Management -> User Groups, I hit create and target my remote LDAP (Windows AD), and try to specify the LDAP filter. The filter returns nothing when trying to use the memberOf property to grab members of a specific AD group. When using the information from the Administration Guide to create the filter as per the example, it also fails. I can add the group directly (Windows AD group under User Group), but it won't recognize the users within the group when I try to use FortiToken.
If I go to Authentication -> Remote Auth. Servers -> LDAP -> My Win AD Setup -> Remote LDAP Users -> Import users by group memberships, this will work.
Is there a way around this, or to make it work? The best I've come up with is to import the users by group memberships, and then in User Groups select the "Set a list of imported remote LDAP users" option. But this is a manual process with two steps, whereas I was hoping to have it just work off a group, so in future if I want to add someone, I just add them to the Windows AD group.