NAC AD SSO Mapping Rules

alex goshtaei
Level 1

Hi,

I've configured AD SSO and set "ldap lookup server" to none, and everything worked fine and put all users in the default role in the AD SSO configuration.

Now I need to configure different user roles based on user membership in AD. So I configured a lookup server and added it to the AD SSO server, then configured mapping rules and put the "memberof" attribute in LDAP. But it doesn't work. All users still log in to the default role, and it seems the LDAP lookup server and mapping rules don't receive the memberof attribute from AD.

Any suggestions would be very appreciated.

Thanks

Alex

4 Replies

Faisal Sehbai
Level 7

Alex,

Check with Auth Test to see what attributes are being returned with your LDAP server.

Faisal

Hi Faisal,

In the Auth Test tab, I don't see AD SSO or the lookup server as a provider.

Thanks again,

Alex

Alex,

Depends on the version if they would be visible or not, but you can also set up an LDAP lookup server with the same settings as your lookup server and do an auth test with that.

HTH,

Faisal

Alex,

Check your string; it must be "memberOf", with a capital "O". Also, there must be no spaces in between your search strings, e.g. CN=abcd,DN=abcd

Hope this helps,

Dan
