This post is more than 5 years old
1 Rookie
•
9 Posts
0
7496
October 18th, 2016 09:00
Unity LDAP group problems
Hi all,
We have Unity 600F. We are successfully able to configure LDAP and added AD group of users with administrator role. Worked great, until now. Now when users from the group try to login they get following message:
Unity says: The logged in user is not authorized to access unisphere.
And in unity logs it does say that authentication is successful.
Then I added that user separately as an LDAP user without group and then he was able to login without any errors.
Anyone knows what might be the cause?
No Events found!
kkra1
1 Rookie
•
9 Posts
0
October 20th, 2016 12:00
https://support.emc.com/kb/489436
Found this kb and it solved my issue. LDAP group name is case sensitive.
But, still it should have just shown as failed role mapping instead of successful.
Anyhow, it is working now.
maniemc
169 Posts
1
October 19th, 2016 05:00
it looks like, user is ok but the group membership is not able to validate/verify.
Something must have changed at the AD - can you check the group details with the domain admin, including any audit history of what is changed?
kkra1
1 Rookie
•
9 Posts
0
October 20th, 2016 09:00
Thank you maniemc for reply.
Checked with domain admin. No changes have been made at AD at all.
I found something else too. I deleted that LDAP group and also LDAP user. Then tried to login and gave me same message. So this message appears when user from AD is trying to login to Unity, but is not have been added to Unity as an LDAP user. Even if user has been added as through an LDAP group, it's not working. But once user has been added as an LDAP user to Unity, it works fine.
So I am thinking even though it says role mapping successful for adding an LDAP group, it is actually not adding that group.
Thank you!
Rainer_EMC
4 Operator
•
8.6K Posts
1
October 20th, 2016 13:00
thanks for the feedback
yes some things in Unix are historically case sensitive
Windows is more often just case preserving