How to find user in nested group from Policy Server


Article ID: 194937


Updated On:

Products

CA Single Sign On Secure Proxy Server (SiteMinder)
CA Single Sign On Agents (SiteMinder)
CA Single Sign On Federation (SiteMinder)
CA Single Sign On SOA Security Manager (SiteMinder)
SITEMINDER

Issue/Introduction

 

We're running a Policy Server and it fails to find a user in a nested
group when that nested group is configured in a Policy. How can we
check that the LDAP User Store actually has the user in the given
nested group, and that the group is reachable from the Policy Server?

 

Environment

 

Policy Server, all versions.

 

Resolution

 

Open a console on the Policy Server machine and run the following
command (Linux sample). The filter uses the Active Directory matching
rule 1.2.840.113556.1.4.1941 (LDAP_MATCHING_RULE_IN_CHAIN), which walks
group membership transitively, so the search returns every group that
contains the user either directly or through nesting:

  # ldapsearch -b "DC=users,DC=training,DC=com" \
    -D "CN=myadmin,DC=users,DC=training,DC=com" -w password \
    -v -h 10.0.0.1 -p 636 -P /opt/CA/siteminder/certs \
    "(member:1.2.840.113556.1.4.1941:=CN=jsmith,OU=mygroup1,OU=mygroup2,DC=users,DC=training,DC=com)" -t

The -t option writes the attribute values of each returned entry to
files in the tmp folder. Gather all the files you find there; one of
them should report the user "jsmith".

Adjust the values in the command above to your environment:

   Base DN : -b DC=users,DC=training,DC=com
   The admin account used to bind to the LDAP User Store : -D CN=myadmin,DC=users,DC=training,DC=com
   The admin's password : -w password
   The LDAP User Store IP : -h 10.0.0.1
   The LDAP User Store port : -p 636
   The certificate database used for the SSL connection to the LDAP User Store : -P /opt/CA/siteminder/certs
     (this is the Netscape-style ldapsearch option; in OpenLDAP's ldapsearch, -P sets the LDAP protocol version instead)
   The user you're looking for : CN=jsmith,OU=mygroup1,OU=mygroup2,DC=users,DC=training,DC=com
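The matching rule above is an Active Directory extension. When the User Store is a different LDAP directory, you can instead dump the groups under the base DN with a plain ldapsearch (LDIF output, no -t) and resolve the nesting yourself. The following Python script is an added example, not part of the article: it parses a constructed LDIF dump (the group and user DNs are made up to match the sample) and walks the member links upward, stopping on group cycles.

```python
"""Resolve nested group membership client-side from an LDIF group dump."""
from collections import defaultdict

# Constructed sample LDIF, shaped like plain ldapsearch output for the
# groups under the base DN. jsmith is a direct member of mygroup2, which
# is nested in mygroup1, which is nested in policygroup; a cycle between
# mygroup1 and loopgroup is included to show the walk terminates.
SAMPLE_LDIF = """\
dn: CN=mygroup2,DC=users,DC=training,DC=com
member: CN=jsmith,OU=mygroup1,OU=mygroup2,DC=users,DC=training,DC=com

dn: CN=mygroup1,DC=users,DC=training,DC=com
member: CN=mygroup2,DC=users,DC=training,DC=com
member: CN=loopgroup,DC=users,DC=training,DC=com

dn: CN=loopgroup,DC=users,DC=training,DC=com
member: CN=mygroup1,DC=users,DC=training,DC=com

dn: CN=policygroup,DC=users,DC=training,DC=com
member: CN=mygroup1,DC=users,DC=training,DC=com

dn: CN=othergroup,DC=users,DC=training,DC=com
member: CN=bjones,DC=users,DC=training,DC=com
"""

def parse_groups(ldif):
    """Map each group DN to the set of DNs in its member attribute.
    DNs are lower-cased as a simple case-insensitive comparison."""
    members, dn = defaultdict(set), None
    for line in ldif.splitlines():
        if line.lower().startswith("dn: "):
            dn = line[4:].strip().lower()
        elif line.lower().startswith("member: ") and dn:
            members[dn].add(line[8:].strip().lower())
    return members

def groups_containing(members, user_dn):
    """Walk member links upward (what matching rule 1.2.840.113556.1.4.1941
    does server-side) and return every group holding user_dn directly
    or through nesting."""
    parents = defaultdict(set)
    for group, dns in members.items():
        for child in dns:
            parents[child].add(group)
    found, queue = set(), [user_dn.lower()]
    while queue:                      # 'found' also stops group cycles
        for group in parents[queue.pop()]:
            if group not in found:
                found.add(group)
                queue.append(group)
    return found

if __name__ == "__main__":
    user = "CN=jsmith,OU=mygroup1,OU=mygroup2,DC=users,DC=training,DC=com"
    for g in sorted(groups_containing(parse_groups(SAMPLE_LDIF), user)):
        print(g)
```

Feed it the real LDIF from your own ldapsearch dump; if the group named in the Policy is missing from the output, the nesting chain is broken in the directory, not in the Policy Server.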