Solved: Re: Group membership LDAP lookup

Pulse_elo · ‎06-18-2019

Hi,

I have an issue with group membership when I search one group I have a "Time Out".

And when I do a search, I have nothing. I use for authentication server, my Domain Controller (with LDAP, Active Directory). I tried with username and it's work but not with groupname.

My configuration:

Base DN: dc=ELBA,dc=home

Filter: cn=<GROUPNAME>

Member Attribute: member

Query Attribute: empty

Nested Group Level: 5

Nested Group Search: Search all nested groups

Could you help me?

Thanks.

zanyterp · ‎06-18-2019

If you change to memberOf, does it work?
What does your TCP dump show?
Is the group nested five levels deep?
Do any of your groups come back? If yes, is there anything obviously different on the working and failing?
If you really need to search that many levels, you probably need to increase your timeout value from the default 60 seconds to 120 or 180 seconds.

View solution in original post

zanyterp · ‎06-18-2019

If you change to memberOf, does it work?
What does your TCP dump show?
Is the group nested five levels deep?
Do any of your groups come back? If yes, is there anything obviously different on the working and failing?
If you really need to search that many levels, you probably need to increase your timeout value from the default 60 seconds to 120 or 180 seconds.

[email protected] · ‎06-19-2019

In addition to @zanyterp suggestions (mainly about changing the group search attribute to MemberOf), can you please also try to search for the groups under a specific OU (where the desired groups are present), instead of searching the entire DC path and see if makes any difference.

Pulse Connect Secure Certified Expert

Pulse_elo · ‎06-19-2019

Hi,

Thanks, it works.

I change timeout value from the default 60 seconds to 180 seconds.

zanyterp · ‎06-20-2019

you are welcome; glad to hear it works