LDAP authentication and authorization with OUs not working

Article ID: 166676

Products

ProxySG Software - SGOS

Issue/Introduction

LDAP authentication and authorization do not work when the user is located under OUs (organizational units).

The effect depends on the policy configured. For example, if the default policy is "DENY" and authorization is configured as GROUP with OUs selected, the user will not be able to access the Internet and will get the Access Denied page.

Another symptom, visible in a packet capture, is that when an LDAP compare request is made, the LDAP server responds with "No Such Attribute".

Resolution

The problem is that an OU is a container, not a group. The user must be a member of a group.

With ProxySG, authorization can be defined only by LDAP username, groups, or LDAP attributes.
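The following added example (not ProxySG or vendor code) models the LDAP compare operation in memory to show why an OU target produces "No Such Attribute" while a group target produces a usable true/false answer. The DNs, the `member` membership attribute and the function names are assumptions made for illustration; the result codes are those defined in RFC 4511.

```python
# LDAP result codes from RFC 4511 that matter for a compare operation.
COMPARE_FALSE, COMPARE_TRUE = 5, 6
NO_SUCH_ATTRIBUTE, NO_SUCH_OBJECT = 16, 32

# Constructed sample directory (DNs and attribute values are made up).
USER = "cn=jdoe,ou=Sales,dc=example,dc=com"
DIRECTORY = {
    "ou=Sales,dc=example,dc=com": {
        "objectClass": ["organizationalUnit"],
        "ou": ["Sales"],            # a container: no membership attribute
    },
    "cn=WebUsers,ou=Groups,dc=example,dc=com": {
        "objectClass": ["groupOfNames"],
        "member": [USER],           # a group: lists its members
    },
    "cn=Admins,ou=Groups,dc=example,dc=com": {
        "objectClass": ["groupOfNames"],
        "member": ["cn=root,ou=IT,dc=example,dc=com"],
    },
}

def _norm(dn):
    """Simplified DN matching: case-insensitive, spaces around commas ignored."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def ldap_compare(entry_dn, attribute, value, directory=DIRECTORY):
    """Return the result code a server gives for a compare request."""
    entries = {_norm(dn): attrs for dn, attrs in directory.items()}
    entry = entries.get(_norm(entry_dn))
    if entry is None:
        return NO_SUCH_OBJECT
    values = next((v for k, v in entry.items()
                   if k.lower() == attribute.lower()), None)
    if values is None:
        return NO_SUCH_ATTRIBUTE    # the symptom seen in the packet capture
    return COMPARE_TRUE if _norm(value) in map(_norm, values) else COMPARE_FALSE

def is_authorized(user_dn, target_dn, membership_attr="member"):
    """Default-deny (assumed policy): only compareTrue grants access."""
    return ldap_compare(target_dn, membership_attr, user_dn) == COMPARE_TRUE
```

Residing under `ou=Sales` is encoded only in the user's DN, so there is nothing on the OU entry for a membership compare to match; the same user is authorized once the rule points at a group that lists them.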

The links below are useful for setting up LDAP authentication and authorization.

SGOS 5
https://bto.bluecoat.com/doc/8527

SGOS 4
https://bto.bluecoat.com/doc/587
