The LDAP Group Query in Gateway Is Not Showing Results

Article ID: 131156

Products

STARTER PACK-7, CA Rapid App Security, CA API Gateway

Issue/Introduction

  • When a group LDAP query is run, no results are found.
  • The following log entry can be seen in the SSG logs indicating the failure to return results:
    • INFO com.l7tech.external.assertions.ldapquery.server.ServerLDAPQueryAssertion: 9027: The search filter (&(objectClass=user)(sAMAccountName=<name>)(memberof:1.2.840.113556.1.4.1941:=CN=<CN>,OU=groups,OU=<OU>,DC=<DC>,DC=com)) did not return any ldap entry

Cause

  • This is a defect - DE413457 - which will be resolved in a future release through a cumulative release (CR).

Environment

  • This issue affects Gateway versions 9.4 CR1 and 9.3 CR4.

Resolution

  • To resolve this issue, the AAR file for the LDAP Query Assertion simply needs to be rolled back to one minor version earlier. When the commands below mention LDAPQueryAssertion-9.4.00.aar, please replace it with LDAPQueryAssertion-9.3.00.aar if this is being applied to the 9.3 CR4 version.
  1. Copy the LDAPQueryAssertion-9.4.00.aar (or LDAPQueryAssertion-9.3.00.aar) file to the Gateway with SCP as the ssgconfig user
  2. Run the following command: chown layer7:layer7 /home/ssgconfig/LDAPQueryAssertion-9.4.00.aar
  3. Run the following command: chmod 444 /home/ssgconfig/LDAPQueryAssertion-9.4.00.aar
  4. Finally, run the following command: mv /home/ssgconfig/LDAPQueryAssertion-9.4.00.aar /opt/SecureSpan/Gateway/runtime/modules/assertions/
  5. Restart the Gateway service: service ssg restart
  6. Test the service with the LDAP Query assertion.
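
A pre-restart check for the file placed in steps 2 to 4, as an added example that is not part of the original article or the vendor's tooling: it confirms the module name, owner and mode given above before the Gateway is restarted. The function name verify_aar, the optional owner override and the optional SHA-256 comparison (against a hash you recorded when downloading the attachment) are assumptions of this example.

```sh
#!/bin/sh
# Added example: verify the rolled-back LDAP Query Assertion module before restart.
# Path, owner and mode come from the steps above; verify_aar and its optional
# arguments are hypothetical names introduced for this example. Needs GNU/BusyBox stat.

MODULE_DIR=/opt/SecureSpan/Gateway/runtime/modules/assertions

# verify_aar FILE [OWNER:GROUP] [SHA256]
# Returns 0 when FILE is a regular file named LDAPQueryAssertion-9.4.00.aar or
# LDAPQueryAssertion-9.3.00.aar, owned by OWNER:GROUP (default layer7:layer7),
# with mode 444, and, when a SHA-256 is supplied, with matching content.
verify_aar() {
    file=$1
    want_owner=${2:-layer7:layer7}
    want_sha=${3:-}

    # Reject missing files and symlinks that could point outside the module directory.
    [ -f "$file" ] && [ ! -L "$file" ] || { echo "not a regular file: $file" >&2; return 1; }

    case $(basename "$file") in
        LDAPQueryAssertion-9.4.00.aar|LDAPQueryAssertion-9.3.00.aar) ;;
        *) echo "unexpected module name: $file" >&2; return 1 ;;
    esac

    owner=$(stat -c '%U:%G' "$file") || return 1
    [ "$owner" = "$want_owner" ] || { echo "owner is $owner, expected $want_owner" >&2; return 1; }

    # Mode 444 (step 3): read-only for everyone, so the service account cannot rewrite it.
    mode=$(stat -c '%a' "$file") || return 1
    [ "$mode" = "444" ] || { echo "mode is $mode, expected 444" >&2; return 1; }

    if [ -n "$want_sha" ]; then
        have_sha=$(sha256sum "$file" | cut -d' ' -f1)
        [ "$have_sha" = "$want_sha" ] || { echo "SHA-256 mismatch for $file" >&2; return 1; }
    fi
    return 0
}

# Usage on the Gateway, after step 4 and before step 5:
#   verify_aar "$MODULE_DIR/LDAPQueryAssertion-9.4.00.aar" && service ssg restart
```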

Additional Information

  • These AAR files for both 9.4 and 9.3 are attached to this support case. Download the one for the appropriate version of Gateway being run.

Attachments

1558537199895LDAPQueryAssertions.zip