====== User-ID Group Mapping ======

===== Test Commands =====

To list the number of group mappings:

  show user group list

To list the members of a particular group shown in the results of ''show user group list'':

  show user group name "cn=some groupname with whitespace,ou=AnOUname,ou=AnotherOUname,dc=example,dc=com"

To force the firewall to refresh the members of groups from a particular group mapping:

  debug user-id reset group-mapping NameOfGroupMapping

and

  debug user-id clear group all

===== Misc =====

  * When creating an authentication profile for firewall administrators, remember: if you are using a group mapping, set the admin accounts to use an Authentication Sequence that only contains the authentication profile.
  * Add the NetBIOS domain name (''example'' rather than ''example.local'') to the user domain field on the authentication profile.
  * In the past, when moving a group that had previously only had 'dc' and 'cn' in its full path to a path that also contains 'ou', I had to remove 'sAMAccountName' from the Authentication Profiles that used that group to make the Authentication Profiles work. I also had to ensure that the domain (e.g. ''example'' rather than ''example.local'') was in the Authentication Profile configuration.
  * If you set an "Allow List", you must ensure you enter the group name in **lower case** (that includes the CN, OU, etc.).