LDAP user authorization works but LDAP group authorization fails

Solution

Overview

The user is a member of the group, but LDAP is still denying the user access to the resource.

Resolution

Here are a few possible reasons this might happen:

  1. If you are using iPlanet:
    The Port 80 Security Appliance may be configured to look at the user record for the group membership information instead of the group record. To verify your Security Appliance group membership settings, go to Management-Security-LDAP General and verify that it is configured for Membership Type "group" and Membership Attribute "uniquemember".
  2. If you are using Active Directory:
    The Port 80 Security Appliance may be configured to look at the group record for the group membership information instead of the user record. To verify your Port 80 Security Appliance group membership settings, go to Management-Security-LDAP General and verify that it is configured for Membership Type "user" and Membership Attribute "memberof".
  3. There may be a problem with the FQDN of the group in the Policy. To verify the FQDN of the group, use the LDAP Browser Tool.
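
The three causes above can be reproduced offline with the following added example, which is not part of the original article and is not the appliance's own logic. It evaluates a membership check against constructed directory entries for both Membership Type settings; all DNs, names and the helper functions are hypothetical, and the DN comparison is simplified.

```python
# Constructed sample entries; every DN and name here is hypothetical.
ALICE = "uid=alice,ou=people,dc=example,dc=com"
BOB = "CN=Bob,OU=Users,DC=ad,DC=example,DC=com"
IPLANET_GROUP = "cn=staff,ou=groups,dc=example,dc=com"
AD_GROUP = "CN=Staff,OU=Groups,DC=ad,DC=example,DC=com"
DIRECTORY = {
    IPLANET_GROUP: {"uniquemember": [ALICE]},   # iPlanet: group record lists members
    ALICE: {},
    AD_GROUP: {},
    BOB: {"memberOf": [AD_GROUP]},              # Active Directory: user record lists groups
}

def norm_dn(dn):
    """Simplified comparison form: lower-case, no spaces around ',' or '='.
    Escaped commas inside values are not handled."""
    parts = (rdn.split("=", 1) for rdn in dn.lower().split(","))
    return ",".join("=".join(p.strip() for p in kv) for kv in parts)

def find_entry(directory, dn):
    """Return the entry's attributes with lower-cased names, or None."""
    for key, attrs in directory.items():
        if norm_dn(key) == norm_dn(dn):
            return {name.lower(): vals for name, vals in attrs.items()}
    return None

def check_membership(directory, user_dn, group_dn, membership_type, membership_attr):
    """Return (allowed, reason) for the given Membership Type and Attribute."""
    if membership_type == "group":      # read the group record, look for the user
        holder, wanted = group_dn, user_dn
    elif membership_type == "user":     # read the user record, look for the group
        holder, wanted = user_dn, group_dn
    else:
        raise ValueError("membership_type must be 'group' or 'user'")
    entry = find_entry(directory, holder)
    if entry is None:
        return False, f"no record named {holder!r}; check the name used in the policy"
    values = entry.get(membership_attr.lower(), [])
    if not values:
        return False, f"{membership_attr!r} is empty on {holder!r}; check Membership Type"
    if norm_dn(wanted) in {norm_dn(v) for v in values}:
        return True, "member"
    return False, f"{wanted!r} is not listed in {membership_attr!r}"

if __name__ == "__main__":
    for args in [(ALICE, IPLANET_GROUP, "group", "uniquemember"),
                 (ALICE, IPLANET_GROUP, "user", "memberof"),
                 (BOB, AD_GROUP, "user", "memberof"),
                 (BOB, AD_GROUP, "group", "uniquemember")]:
        print(args[2:], check_membership(DIRECTORY, *args))
```

In each mismatched case the user really is a member, yet the check denies access because it reads the record that does not carry the membership attribute.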

You can take a packet capture (pcap) to see what shows up on the wire. The packet capture may provide additional information about the source of the problem.

InQuira Doc Id: KB1036