scerazy
New Contributor III

6.2 Active Directory Recursive Search Option vs 5.6 LDAP Nested Group settings

Do the new settings in 6.2 directly replace the LDAP Nested Group settings in 5.6?

Does the config get upgraded (on firmware upgrade), or does one need to remove the old settings & replace them with new ones MANUALLY?

Seb

xsilver_FTNT
Staff

Hi Seb,

as you might have tested yourself, then:

- it is NOT a full replacement of the group filter, as the new option 'search-type recursive' will NOT return built-in user groups from AD
- a firmware upgrade will NOT update and replace your custom group-filter with 'search-type recursive'; however, there is no need to panic, as your old group-filter will still work in 6.2. If you want to change, you'll need to do it manually.

Retested on 6.0.4 and 6.2.0 and FortiGate VM upgraded via FortiGuard. Thanks for the hint, I'll start with an upgrade of the KB.

Tomas Stribrny - NASDAQ:FTNT - Fortinet Inc. - TAC Staff Engineer
AAA, MFA, VoIP and other Fortinet stuff

scerazy
New Contributor III

Sorry, could you clarify? - "will NOT return built-in user groups from AD" - you do mean literally AD built-in user groups?

Which itself is not an issue (I expect for anybody), as none of these groups would be used for webfiltering etc.

But it does return all user custom-made groups, right?

Seb

xsilver_FTNT

Hi Seb,

Yes, I mean none of the AD Builtin user groups like 'Remote Desktop Users' is returned with search-type = recursive, while those are returned with the group-filter mentioned in the KB. I also do not think it's a big issue, as most often deployments use custom groups to categorize users into access right groups, and all those, including nested groups, are returned OK.

Tomas Stribrny - NASDAQ:FTNT - Fortinet Inc. - TAC Staff Engineer
AAA, MFA, VoIP and other Fortinet stuff
