NAC AD SSO Mapping Rules

Unanswered Question
Oct 24th, 2009

Hi,

I've configured AD SSO, set "LDAP lookup server" to none, and everything worked fine; all users were put into the default role in the AD SSO configuration.

Now I need to configure different user roles based on user membership in AD. So I configured a lookup server and added it to the AD SSO server, then configured mapping rules and put the "memberof" attribute in LDAP. But it doesn't work: all users still log in to the default role, and it seems the LDAP lookup server and mapping rules don't receive the memberof attribute from AD.

Any suggestion would be very much appreciated.

thanks

Alex

Faisal Sehbai Sat, 10/24/2009 - 20:06

Alex,

Check with Auth Test to see what attributes are being returned with your LDAP server.

Faisal

alex goshtaei Mon, 10/26/2009 - 14:30

Hi Faisal,

In the Auth Test tab, I don't see AD SSO or the lookup server as a provider.

thanks again,

Alex

Faisal Sehbai Mon, 10/26/2009 - 16:14

Alex,

Whether they are visible depends on the version, but you can also set up an LDAP lookup server with the same settings as your lookup server and do an auth test with that.

HTH,

Faisal

rc.castillo Mon, 10/26/2009 - 23:02

Alex,

Check your string: it must be "memberOf", with a capital "O". Also, there must be no spaces in between your search strings, e.g. CN=abcd,DN=abcd

Hope this helps,

Dan
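Faisal's suggestion (check what attributes the LDAP server actually returns) and Dan's (the attribute name and group DN must be spelled exactly) can be checked outside the NAC appliance. The example below is added here and is not from the thread or from Cisco; it parses an LDIF entry such as ldapsearch or an auth test would return, looks up memberOf, and compares the group DN typed into a mapping rule against the returned values both literally and after normalizing case and whitespace, so a mismatch caused by "memberof" vs "memberOf" or by a space after a comma shows up. The DNs and names in SAMPLE_LDIF are constructed. Two caveats worth knowing when relying on memberOf from AD: it lists only direct memberships (nested groups are not expanded), and the user's primary group (Domain Users by default) is not in memberOf at all.

```python
# Added example (not from the thread): check what AD returns for a user's
# memberOf and compare it with the group DN used in a NAC mapping rule.
import re

# Constructed sample of one user entry in LDIF form, as ldapsearch would print
# it. Names and DNs are made up for the example.
SAMPLE_LDIF = """\
dn: CN=Alex,OU=Users,DC=example,DC=local
sAMAccountName: alex
memberOf: CN=NAC-Admins,OU=Groups,DC=example,DC=local
memberOf: CN=Staff,OU=Groups,DC=example,DC=local
"""


def parse_ldif_entry(text):
    """Parse one LDIF entry into {attribute: [values]}.

    Attribute names keep the case the server returned, so a rule typed as
    'memberof' instead of 'memberOf' can be detected later. Folded lines
    (continuations starting with a space) are joined. Base64 values ('::')
    are not decoded; AD returns memberOf DNs as plain text anyway.
    """
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        elif raw.strip():
            lines.append(raw)
    entry = {}
    for line in lines:
        name, sep, value = line.partition(":")
        if not sep:
            continue
        entry.setdefault(name.strip(), []).append(value.strip())
    return entry


def get_attribute(entry, name):
    """LDAP attribute names are case-insensitive (RFC 4512), so the lookup is
    case-insensitive, but the second return value reports whether the spelling
    matches the server's exactly, which is what a literal rule string needs."""
    for key, values in entry.items():
        if key.lower() == name.lower():
            return values, key == name
    return [], False


def normalize_dn(dn):
    """Canonical form of a DN for comparison: split on unescaped commas, strip
    whitespace around '=' and ',', lower-case types and values. Deliberately
    not a full RFC 4514 parser (no hex escapes, no multi-valued RDNs)."""
    parts = []
    for rdn in re.split(r"(?<!\\),", dn):
        attr_type, sep, value = rdn.partition("=")
        if not sep:
            raise ValueError(f"bad RDN {rdn!r} in {dn!r}")
        parts.append(f"{attr_type.strip().lower()}={value.strip().lower()}")
    return ",".join(parts)


def check_mapping_rule(entry, attr_name, rule_value):
    """Return (literal_match, normalized_match, attr_spelled_exactly).

    literal_match: a byte-for-byte comparison of the rule value succeeds.
    normalized_match: the group really is in memberOf once case and
        whitespace differences are ignored, i.e. the rule string is the
        only thing wrong.
    attr_spelled_exactly: attribute name in the rule matches the server's.
    """
    values, exact = get_attribute(entry, attr_name)
    literal = rule_value in values
    normalized = normalize_dn(rule_value) in {normalize_dn(v) for v in values}
    return literal, normalized, exact


if __name__ == "__main__":
    entry = parse_ldif_entry(SAMPLE_LDIF)
    for attr, rule in [
        ("memberOf", "CN=NAC-Admins,OU=Groups,DC=example,DC=local"),
        ("memberof", "CN=NAC-Admins,OU=Groups,DC=example,DC=local"),
        ("memberOf", "CN=NAC-Admins, OU=Groups, DC=example, DC=local"),
    ]:
        print(attr, rule, "->", check_mapping_rule(entry, attr, rule))
```

To feed it real data, run an LDAP search with the same bind DN and base DN the lookup server is configured with, e.g. `ldapsearch -H ldap://dc.example.local -D "<bind DN>" -W -b "<base DN>" "(sAMAccountName=alex)" memberOf`, and pass the output to parse_ldif_entry. If memberOf is absent in that output, the bind account cannot read group membership (or the user has no direct memberships) and no mapping rule on the appliance will ever fire.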
