USERS AUTHENTICATED VIA LDAP ARE NOT PLACED IN THE CORRECT

Symptoms:

Facts:

Fixes: The LDAP server must return MemberOf information to the X series, containing the name of the group of which the user is a member. (The user and the user group must be defined on the LDAP server, for example in Active Directory for Windows Server.)

The MemberOf group name returned by the LDAP server must be the same as the name of the Privileged Group defined on the X series firewall (i.e. if in Active Directory the administrator has defined a user pom as part of the ldapgroup user group, then the Privileged Group on the X series must also be named ldapgroup).

From the X series LDAP test page, a successful LDAP authentication should look something like this:

Trying bind with configured bind user: CN=pom,ou=ldapunit,dc=3COMGSOWIRELESS,dc=local
bind successful
using user search tree: ou=ldapunit,dc=3COMGSOWIRELESS,dc=local
sAMAccountName = pom
userPrincipalName = pom@3ComGSOWireless.local
memberOf = CN=ldapgroup,OU=ldapunit,DC=3ComGSOWireless,DC=local
Trying user bind: CN="pom",ou=ldapunit,dc=3COMGSOWIRELESS,dc=local
bind successful
matching priv-group: ldapgroup
chose group ldapgroup
Login Success
Test OK 
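
When the user lands in the wrong group, the test-page output can be checked against the configured Privileged Group name offline. The script below is an added example, not part of the X series firmware or the original article: it pulls the group CN out of each memberOf line and compares it with the Privileged Group name. The function names and result strings are hypothetical, and because the article does not say whether the device compares names case-sensitively, a case-only difference is reported separately as an assumption worth checking.

```python
import re

# Constructed sample: lines taken from the test-page output shown above.
SAMPLE_OUTPUT = """\
Trying bind with configured bind user: CN=pom,ou=ldapunit,dc=3COMGSOWIRELESS,dc=local
bind successful
sAMAccountName = pom
memberOf = CN=ldapgroup,OU=ldapunit,DC=3ComGSOWireless,DC=local
Trying user bind: CN="pom",ou=ldapunit,dc=3COMGSOWIRELESS,dc=local
bind successful
"""


def first_rdn_value(dn):
    # Return the CN of the leftmost RDN of a DN, or None if it is not a CN.
    # Split on the first comma that is not backslash-escaped, so a group
    # name containing an escaped comma stays in one piece.
    rdn = re.split(r"(?<!\\),", dn.strip(), maxsplit=1)[0]
    attr, _, value = rdn.partition("=")
    if attr.strip().upper() != "CN" or not value.strip():
        return None
    return re.sub(r"\\(.)", r"\1", value.strip())  # drop DN escapes


def member_groups(output):
    # Collect the group CN from every "memberOf = <DN>" line.
    groups = []
    for line in output.splitlines():
        key, sep, value = line.partition("=")
        if sep and key.strip().lower() == "memberof":
            cn = first_rdn_value(value)
            if cn:
                groups.append(cn)
    return groups


def check_privileged_group(output, privileged_group):
    # Hypothetical result strings: match, case-mismatch, no-match, no-memberof.
    groups = member_groups(output)
    if not groups:
        return "no-memberof"      # LDAP server returned no MemberOf information
    if privileged_group in groups:
        return "match"
    if privileged_group.lower() in (g.lower() for g in groups):
        return "case-mismatch"    # assumption: device may require exact case
    return "no-match"


if __name__ == "__main__":
    print(check_privileged_group(SAMPLE_OUTPUT, "ldapgroup"))
```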

David Gonzalez 2021/04/07 16:18