I'm in the process of setting up my company's new SA2500 to use our AD for authentication and LDAP for the attributes and such. But I can't for the life of me manage to get any users groups to work for the user realm (or admin realm for that matter).
After having done some Policy Traces, it seems that it has no problem establishing a connection with the DC's, and authenticating my account, but then when it comes time to map a user role it all craps out. The only time it will match the username to anything is when I specifically enter the username under the role rules. If I use a group nothing will work.
Not sure if it helps, but we're running 6.5R4 (build 15551) on our SA2500. I've confirmed that the box has successfully joined the AD using the domain account credentials I provided. The LDAP config is also setup to use LDAPS connection to the DC's on port 636.
If need be I can post more info about my LDAP config (I've also attached a screenshot of the config as well), I'm just not sure what all would be useful. In the screen shot you'll notice I've presently got the reverse group search option selection, but I should note that I've also tried disabling that, as well as manually specifying the primaryGroupID attribute in the Server Catalog and no luck.
Thanks for any help you guys have to offer!
for me i do not put anythign in the filter where you ahve the cn=<GROUPNAME> and member attribute is member query attribute is blank and nested groups i went with 15 (over kill)
also when you go to create a rule in the realm for a role if you choose group member ship and than choose search does it find all the group names?
Did you try to put
samaccountname=<USER> as filter in "Finding user entries" section
and remove "groups" in Query Attribute in "Determning group membership section"