Showing results for 
Search instead for 
Did you mean: 

Active Directory Groups not recognized

Not applicable

Active Directory Groups not recognized

Hey all,

I'm in the process of setting up my company's new SA2500 to use our AD for authentication and LDAP for the attributes and such. But I can't for the life of me manage to get any users groups to work for the user realm (or admin realm for that matter).

After having done some Policy Traces, it seems that it has no problem establishing a connection with the DC's, and authenticating my account, but then when it comes time to map a user role it all craps out. The only time it will match the username to anything is when I specifically enter the username under the role rules. If I use a group nothing will work.

Not sure if it helps, but we're running 6.5R4 (build 15551) on our SA2500. I've confirmed that the box has successfully joined the AD using the domain account credentials I provided. The LDAP config is also setup to use LDAPS connection to the DC's on port 636.

If need be I can post more info about my LDAP config (I've also attached a screenshot of the config as well), I'm just not sure what all would be useful. In the screen shot you'll notice I've presently got the reverse group search option selection, but I should note that I've also tried disabling that, as well as manually specifying the primaryGroupID attribute in the Server Catalog and no luck.

Thanks for any help you guys have to offer!


Super Contributor

Re: Active Directory Groups not recognized

for me i do not put anythign in the filter where you ahve the cn=<GROUPNAME> and member attribute is member query attribute is blank and nested groups i went with 15 (over kill)

also when you go to create a rule in the realm for a role Smiley Happy if you choose group member ship and than choose search does it find all the group names?


Re: Active Directory Groups not recognized

Did you try to put

samaccountname=<USER> as filter in "Finding user entries" section

and remove "groups" in Query Attribute in "Determning group membership section"