LDAP lets an administrator assign any permission to any directory object, and a user can be a member of multiple groups.
An LDAP directory can be replicated by adding domain controllers, and it supports account lockout policies and password history for security.
Below are the steps to follow to enable LDAP authentication on a Palo Alto firewall:
STEP1: Open the LDAP profile page:
Select Device > Server Profiles > LDAP and click the Add button.

STEP2: Create the LDAP Server profile:
Enter a Profile Name to identify the server profile;
Enter the LDAP server IP address and use port 636 (LDAP over SSL/TLS);
Select the server Type from the drop-down: active-directory;
Enter the Base DN, the Bind DN and the bind password;
Check the SSL/TLS box and click the OK button.

STEP3: Commit the configuration:
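The profile built in STEP2 is what the firewall uses to bind to the domain controller with the Bind DN and password. The script below is an added example, written for this page in Python with only the standard library; it is not PAN-OS code and not the author's. It builds the LDAPv3 simple BindRequest that such a profile sends, decodes the server's BindResponse against constructed sample bytes, and shows the TLS settings that port 636 with the SSL/TLS box implies. The host name, Bind DN, password and CA file used in it are made-up values, and `ldaps_bind` is the only function that needs a live server.

```python
import socket
import ssl

# Subset of RFC 4511 result codes a bind commonly returns.
RESULT_CODES = {
    0: "success",
    7: "authMethodNotSupported",
    8: "strongerAuthRequired",
    32: "noSuchObject",
    34: "invalidDNSyntax",
    48: "inappropriateAuthentication",
    49: "invalidCredentials",
    50: "insufficientAccessRights",
}


def ber_length(n):
    """Encode a BER length: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def ber(tag, payload):
    """Wrap payload in a BER TLV with the given tag byte."""
    return bytes([tag]) + ber_length(len(payload)) + payload


def bind_request(msg_id, bind_dn, password):
    """Build an LDAPv3 simple BindRequest (RFC 4511 section 4.2).

    LDAPMessage ::= SEQUENCE { messageID INTEGER, protocolOp BindRequest }
    BindRequest ::= [APPLICATION 0] SEQUENCE {
        version INTEGER, name LDAPDN, authentication simple [0] OCTET STRING }
    The password travels as a plain OCTET STRING, so the transport (LDAPS on
    636) is the only thing protecting it on the wire.
    """
    assert 0 <= msg_id < 0x80, "single-byte message IDs only in this example"
    version = ber(0x02, b"\x03")                       # INTEGER 3
    name = ber(0x04, bind_dn.encode("utf-8"))          # OCTET STRING (Bind DN)
    auth = ber(0x80, password.encode("utf-8"))         # [0] simple password
    op = ber(0x60, version + name + auth)              # [APPLICATION 0]
    return ber(0x30, ber(0x02, bytes([msg_id])) + op)  # outer SEQUENCE


def parse_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for the BER TLV starting at buf[pos]."""
    tag = buf[pos]
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:                                  # long-form length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length


def decode_bind_response(data):
    """Decode a BindResponse into (message_id, code, code_name, diagnostic)."""
    tag, body, _ = parse_tlv(data)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage")
    _, raw_id, pos = parse_tlv(body)                   # INTEGER messageID
    tag, resp, _ = parse_tlv(body, pos)
    if tag != 0x61:                                    # [APPLICATION 1] BindResponse
        raise ValueError("not a BindResponse")
    _, code, pos = parse_tlv(resp)                     # ENUMERATED resultCode
    _, _matched_dn, pos = parse_tlv(resp, pos)         # LDAPDN matchedDN
    _, diag, _ = parse_tlv(resp, pos)                  # LDAPString diagnosticMessage
    result = int.from_bytes(code, "big")
    return (int.from_bytes(raw_id, "big"), result,
            RESULT_CODES.get(result, "other"), diag.decode("utf-8"))


def sample_bind_response(msg_id, code, diag=""):
    """Constructed BindResponse bytes, standing in for a real server reply."""
    resp = ber(0x61, ber(0x0A, bytes([code])) + ber(0x04, b"") + ber(0x04, diag.encode("utf-8")))
    return ber(0x30, ber(0x02, bytes([msg_id])) + resp)


def ldaps_context(ca_file=None):
    """TLS settings the SSL/TLS box implies: certificate verified against a CA
    bundle (ca_file, or the system store when None), hostname checked, TLS 1.2+."""
    ctx = ssl.create_default_context(cafile=ca_file)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx


def ldaps_bind(host, bind_dn, password, ca_file=None, port=636, timeout=5.0):
    """Open an LDAPS session to host:636 and perform one simple bind (needs a server)."""
    ctx = ldaps_context(ca_file)
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            tls.sendall(bind_request(1, bind_dn, password))
            return decode_bind_response(tls.recv(4096))


if __name__ == "__main__":
    # Made-up Bind DN and password, as entered in the server profile.
    req = bind_request(1, "CN=fw-bind,OU=Service,DC=example,DC=com", "S3cret!")
    print("bind request:", req.hex())
    print("password readable in request:", b"S3cret!" in req)
    print(decode_bind_response(sample_bind_response(1, 0)))
    print(decode_bind_response(sample_bind_response(1, 49, "invalid credentials")))
```

Two points the script makes concrete: the bind password is readable inside the BER-encoded request, which is why the profile uses port 636 with the SSL/TLS box rather than plain 389, and a response with result code 49 (invalidCredentials) means the Bind DN or password in the profile is wrong, which is the first thing to check when the firewall's authentication test fails.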



Author: Eric Uwonkunda Ngabonziza