====== USERS AUTHENTICATED VIA LDAP ARE NOT PLACED IN THE CORRECT ======

**Symptoms:**

  * Users authenticated via LDAP are not placed in the correct User Privileged Group
  * How do I define a user so it is assigned to the correct Privileged Group?
  * Active Directory is not providing the correct Privileged Group return attribute.

**Facts:**

  * X5
  * X506
  * 3CRX5-U-96
  * 3CRX5-25-96
  * 3CRX506-96
  * 3CRTPX506-96
  * Active Directory
  * eDirectory
  * TOS 3.0.0
  * Webfilter

**Fixes:**

The LDAP server must return MemberOf information to the X series, containing the name of the group of which the user is a member. (The user and the User Group must be defined on the LDAP server, for example in Active Directory for Windows Server.)

The MemberOf group name returned by the LDAP server must be the same as the name of the Privileged Group defined on the X series firewall (i.e. if in Active Directory the administrator has defined a user pom as part of the ldapgroup user group, then the Privileged Group on the X series must also be named ldapgroup).

From the X series LDAP test page, a successful LDAP authentication should look something like this:

<code>
Trying bind with configured bind user: CN=pom,ou=ldapunit,dc=3COMGSOWIRELESS,dc=local
bind successful
using user search tree: ou=ldapunit,dc=3COMGSOWIRELESS,dc=local
sAMAccountName = pom
userPrincipalName = pom@3ComGSOWireless.local
memberOf = CN=ldapgroup,OU=ldapunit,DC=3ComGSOWireless,DC=local
Trying user bind: CN="pom",ou=ldapunit,dc=3COMGSOWIRELESS,dc=local
bind successful
matching priv-group: ldapgroup
chose group ldapgroup
Login Success
Test OK
</code>

------------------------

  * Product(s): X Family
  * Sub Product(s): X5, X506

 --- //[[nce@itclatam.com|David Gonzalez]] 2021/04/07 16:18//
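
The group-name matching described under Fixes can be checked offline against a saved copy of the LDAP test page output. The Python script below is an added example, not part of the original article or of the X series firmware; the function names, the one-message-per-line layout of the sample and the separate "case differs" verdict are assumptions.

```python
import re

# Constructed sample: start of the test-page output quoted above,
# assuming the device prints one message per line.
SAMPLE_OUTPUT = """\
Trying bind with configured bind user: CN=pom,ou=ldapunit,dc=3COMGSOWIRELESS,dc=local
bind successful
sAMAccountName = pom
memberOf = CN=ldapgroup,OU=ldapunit,DC=3ComGSOWireless,DC=local
"""

def group_cn(dn):
    """Return the CN of a DN's leftmost RDN (RFC 4514 escapes decoded), else None."""
    out, i = bytearray(), 0
    while i < len(dn) and dn[i] != ",":
        if dn[i] == "\\" and i + 1 < len(dn):
            pair = dn[i + 1:i + 3]
            if re.fullmatch(r"[0-9A-Fa-f]{2}", pair):   # hex escape such as \2C
                out.append(int(pair, 16))
                i += 3
            else:                                        # escaped literal such as \,
                out += dn[i + 1].encode()
                i += 2
        else:
            out += dn[i].encode()
            i += 1
    attr, _, value = out.decode("utf-8", "replace").partition("=")
    return value.strip() if attr.strip().upper() == "CN" else None

def diagnose(test_output, privileged_groups):
    """Map each group named by a memberOf line to a verdict; {} means no memberOf."""
    verdicts = {}
    lowered = {g.lower() for g in privileged_groups}
    for line in test_output.splitlines():
        m = re.match(r"\s*memberOf\s*=\s*(.+)", line, re.IGNORECASE)
        cn = group_cn(m.group(1).strip()) if m else None
        if cn is None:
            continue
        if cn in privileged_groups:
            verdicts[cn] = "match"
        elif cn.lower() in lowered:
            # Assumption: the page does not say whether the device ignores case.
            verdicts[cn] = "case differs"
        else:
            verdicts[cn] = "no privileged group with this name"
    return verdicts

if __name__ == "__main__":
    print(diagnose(SAMPLE_OUTPUT, ["ldapgroup"]))
```

An empty result means the LDAP server returned no memberOf attribute for the user, which corresponds to the third symptom listed above.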