LDAP authentication and authorization with OU's not working
search cancel

LDAP authentication and authorization with OU's not working


Article ID: 166676


Updated On:


ProxySG Software - SGOS Advanced Secure Gateway Software - ASG ISG Proxy Secure Web Gateway


Using LDAPĀ authentication, and the user is under OU's, it is not working.

Depending on the Policy configured, for example, if the default policy is "DENY", and Authorization is configured as GROUP - Selecting OU's, user will not be able to access Internet. The User will get the Access Denied page.

Another symptom you may notice from a packet capture is when LDAP does a compare request, the LDAPĀ server responds with "No Such Attribute".


The problem is that an OU is a container and not a Group. The User must be a member of a Group.

With ProxySG, what can be defined for authorization is only LDAP Username or Groups or LDAP attributes. 

Below are links that are useful for settings up LDAP Authentication and Authorization:

Setting up and configuring LDAP authentication on the ProxySG or Advanced Secure Gateway

Configure LDAP Authentication

Solution for Integrating Authentication Using LDAP