LDAP user authorization works but LDAP group authorization fails

Solutions ID: KB1036
Version: 2.0
Status: Published
Published date: 03/02/2009
Updated: 03/16/2009
 

Problem Description

LDAP user authorization works, but LDAP group authorization fails.
The user is a member of the group, but LDAP still denies the user access to the resource.

Resolution

Here are a few possible reasons this might happen:

  1. If you are using iPlanet:
    The Port 80 Security Appliance may be configured to look at the user record for the group membership information instead of the group record. To verify your Security Appliance group membership settings, go to Management-Security-LDAP General and verify that it is configured for Membership Type "group" and Membership Attribute "uniquemember".
  2. If you are using Active Directory:
    The Port 80 Security Appliance may be configured to look at the group record for the group membership information instead of the user record. To verify your Port 80 Security Appliance group membership settings, go to Management-Security-LDAP General and verify that it is configured for Membership Type "user" and Membership Attribute "memberof".
  3. There may be a problem with the FQDN of the group in the Policy. To verify the FQDN of the group, use the LDAP Browser Tool.

You can also get a packet capture (pcap) to see what shows up on the wire. The packet capture may provide additional information as to the source of the problem.
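
The three causes above can be reproduced against constructed directory entries. This is an added example, not vendor code: the DNs, the sample entries and the `norm` and `is_member` helpers are hypothetical, and it models only the Membership Type and Membership Attribute settings.

```python
# Constructed sample entries; DNs and names are illustrative, not from a real directory.
USER_IPLANET = "uid=jdoe,ou=People,dc=example,dc=com"
GROUP_IPLANET = "cn=webusers,ou=Groups,dc=example,dc=com"
USER_AD = "CN=John Doe,CN=Users,DC=example,DC=com"
GROUP_AD = "CN=WebUsers,CN=Users,DC=example,DC=com"

# iPlanet style: membership is stored on the group record.
IPLANET = {
    USER_IPLANET: {},
    GROUP_IPLANET: {"uniquemember": ["uid=jdoe, ou=people, dc=example, dc=com"]},
}
# Active Directory style: membership is read from the user record.
AD = {
    USER_AD: {"memberof": ["cn=webusers,cn=users,dc=example,dc=com"]},
    GROUP_AD: {},
}


def norm(dn):
    """Simplified DN normalization: case-fold, trim spaces around each RDN.
    Does not handle escaped commas inside attribute values."""
    return ",".join(part.strip().lower() for part in dn.split(","))


def is_member(directory, user_dn, group_dn, membership_type, attribute):
    """Model the appliance's check for one Membership Type / Attribute pair."""
    entries = {norm(dn): attrs for dn, attrs in directory.items()}
    if membership_type == "group":    # read the group record, look for the user DN
        record, wanted = entries.get(norm(group_dn)), user_dn
    elif membership_type == "user":   # read the user record, look for the group DN
        record, wanted = entries.get(norm(user_dn)), group_dn
    else:
        raise ValueError("membership_type must be 'group' or 'user'")
    if record is None:                # the DN in the policy matches no entry (cause 3)
        return False
    values = {k.lower(): v for k, v in record.items()}.get(attribute.lower(), [])
    return norm(wanted) in {norm(v) for v in values}


if __name__ == "__main__":
    print(is_member(IPLANET, USER_IPLANET, GROUP_IPLANET, "group", "uniquemember"))
    print(is_member(IPLANET, USER_IPLANET, GROUP_IPLANET, "user", "memberof"))
    print(is_member(AD, USER_AD, GROUP_AD, "user", "memberof"))
    print(is_member(AD, USER_AD, "CN=WebUsers,OU=Groups,DC=example,DC=com", "user", "memberof"))
```

In each failing case the user really is a member; the denial comes from reading the wrong record or from a group DN in the policy that does not match the directory.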

