The LDAP Group Query in Gateway Is Not Showing Results
Article ID: 131156
STARTER PACK-7, CA Rapid App Security, CA API Gateway
When running a group LDAP query, no results are returned.
The following log entry can be seen in the SSG logs indicating the failure to return results:
INFO com.l7tech.external.assertions.ldapquery.server.ServerLDAPQueryAssertion: 9027: The search filter (&(objectClass=user)(sAMAccountName=<name>)(memberof:1.2.840.1135126.96.36.1991:=CN=<CN>,OU=groups,OU=<OU>,DC=<DC>,DC=com)) did not return any ldap entry
This is a defect - DE413457 - which will be resolved in a future release through a cumulative release (CR).
This issue affects Gateway versions 9.4 CR1 and 9.3 CR4.
To resolve this issue, the AAR file for the LDAP Query Assertion simply needs to be rolled back to one minor version earlier. When the commands below mention LDAPQueryAssertion-9.4.00.aar, please replace it with LDAPQueryAssertion-9.3.00.aar if this is being applied to the 9.3 CR4 version.
SCP the LDAPQueryAssertion-9.4.00.aar (or LDAPQueryAssertion-9.3.00.aar) file to the Gateway using the ssgconfig user.
Run the following command: chown layer7:layer7 /home/ssgconfig/LDAPQueryAssertion-9.4.00.aar
Run the following command: chmod 444 /home/ssgconfig/LDAPQueryAssertion-9.4.00.aar
Finally, run the following command: mv /home/ssgconfig/LDAPQueryAssertion-9.4.00.aar /opt/SecureSpan/Gateway/runtime/modules/assertions/
Restart the Gateway service: service ssg restart
Test the service with the LDAP Query assertion.
These AAR files for both 9.4 and 9.3 are attached to this support case. Download the one for the appropriate version of Gateway being run.
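The rollback steps above as one script, with a backup of any same-named module before it is replaced and a mode/owner check after the move. This is an added example, not part of the original article or the vendor's tooling; the backup directory and the function names are assumptions, and it relies on GNU stat.

```shell
#!/bin/sh
# Added example: scripted form of the rollback steps with pre/post checks.
# Defaults are the owner and paths from the article; BACKUP_DIR is an assumption.
AAR_OWNER="${AAR_OWNER:-layer7:layer7}"
MODULE_DIR="${MODULE_DIR:-/opt/SecureSpan/Gateway/runtime/modules/assertions}"
BACKUP_DIR="${BACKUP_DIR:-/home/ssgconfig/aar-backup}"

# verify_aar FILE: succeed only if FILE is a regular file with mode 444
# and the expected owner:group (uses GNU stat).
verify_aar() {
    [ -f "$1" ] || { echo "missing: $1" >&2; return 1; }
    actual="$(stat -c '%a %U:%G' "$1")" || return 1
    [ "$actual" = "444 $AAR_OWNER" ] || {
        echo "unexpected mode/owner on $1: $actual" >&2; return 1; }
}

# install_aar SRC: back up any same-named module, then apply the article's
# chown / chmod / mv steps and verify the result.
install_aar() {
    src="$1"
    name="$(basename "$src")"
    [ -s "$src" ] || { echo "source missing or empty: $src" >&2; return 1; }
    [ -d "$MODULE_DIR" ] || { echo "no module dir: $MODULE_DIR" >&2; return 1; }
    if [ -f "$MODULE_DIR/$name" ]; then
        # Keep the copy being replaced outside the module directory.
        mkdir -p "$BACKUP_DIR" || return 1
        cp -p "$MODULE_DIR/$name" "$BACKUP_DIR/$name.$(date +%Y%m%d%H%M%S)" || return 1
    fi
    chown "$AAR_OWNER" "$src" || return 1
    chmod 444 "$src" || return 1
    mv -f "$src" "$MODULE_DIR/" || return 1
    verify_aar "$MODULE_DIR/$name"
}

# Usage on the Gateway (as root), followed by the restart from the article:
#   install_aar /home/ssgconfig/LDAPQueryAssertion-9.4.00.aar && service ssg restart
```

If the LDAP Query assertion still fails after the restart, the copy saved under the backup directory is the module that was in place before the rollback.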