How do you setup nested groups in Reporter, version 9.2.x?
I hear Reporter, version 9.2.x , has a new feature where you can search for nested groups. How do I use this?
Where do I set up the new 'nested group' feature.
What does the "is in LDAP group" feature mean, and how do I set it up?
This new feature is configured by use of a check box, when you go to configure your Role Based Services, in Reporter.
With reporter, version 9.2x, there are two places you can setup nested groups.
1: The first location is in the LDAP group configuration wizard where we link a ROLE to LDAP group. Here we allowing everyone in this LDAP group to have the same privileges given to this role. Reporter, while authenticating the user using the LDAP protocol, also ensures that this user is allowed access to the database based on group membership. To setup this up follow these steps.
2: The next location you will see an option to set Nested groups is in Role configuration wizard, where we are restricting access to parts of a database, based on LDAP group membership. Here we set a user filter up, and locate a LDAP group we want this user to be restricted to, thereby only allowing this user to see those parts of that database that contain this group information. To set this up, follow these steps.
Note on group membership syntax: Often your group information, as collected in the access log, will be presented in a slightly different syntax than the LDAP protocol declares it. Here, you will need to check your database configuration, to ensure they match. To do this, follow these steps.
All access logs can be unzipped, and opened with a text editor, which we suggest you do, to ensure these two match. Look for the cs-groupname access log field. For more information on the proper access log fields, required by Reporter, see FAQ282
NOTE1: Turning on this 'Nested groups feature means that every group you look at in AD will be searched for a match to the 'member of' attribute. And, then those groups will be searched as well. Bluecoat recommends you talk to your AD, or eDirectory administrator first before turning on this feature.
NOTE2: For information on setting up the entire LDAP realm please see KB3353
NOTE3: For informatoin on troubleshooting LDAP, see FAQ383
NOTE4: For a list of the LDAP error codes you may see in the journal see FAQ813
Rate this Page
Please take a moment to complete this form to help us better serve you.