How to find user in nested group from Policy Server


Article ID: 194937




Products:
  CA Single Sign On Secure Proxy Server (SiteMinder)
  CA Single Sign On Agents (SiteMinder)
  CA Single Sign On Federation (SiteMinder)
  CA Single Sign On SOA Security Manager (SiteMinder)
  SITEMINDER



We're running a Policy Server and it fails to find a user in a
nested group when that nested group is configured in a Policy. How can
we check that the LDAP User Store has the user defined in the given
nested group, and that the group is reachable from the Policy Server?




Policy Server, all versions.




Open a console on the Policy Server machine and run the following
command (Linux sample). The options follow the LDAP SDK ldapsearch
syntax, where -P is the path of the certificate database; OpenLDAP's
ldapsearch uses -P for the protocol version instead, so check which
binary is on your PATH:

  # ldapsearch -b DC=users,DC=training,DC=com \
    -D CN=myadmin,DC=users,DC=training,DC=com -w password \
    -v -h <ldap_host> -p 636 -P /opt/CA/siteminder/certs \
    "(member:1.2.840.113556.1.4.1941:=CN=jsmith,OU=mygroup1,OU=mygroup2,DC=users,DC=training,DC=com)" -t

  <ldap_host> is a placeholder for the IP address or hostname of the
  LDAP User Store (the value is left blank in the original sample).

  The -t option writes the attribute values it retrieves to files in
  the tmp folder. Gather all the files you find there; one of them
  should report the user "jsmith".

In the command above, change the values to match your environment:

   Base DN of the search : -b DC=users,DC=training,DC=com
   The admin account used to bind to the LDAP User Store : -D CN=myadmin,DC=users,DC=training,DC=com
   That admin's password : -w password
   The LDAP User Store IP address or hostname : -h
   The LDAP User Store port : -p 636
   The certificate database used for the SSL connection to the LDAP User Store : -P /opt/CA/siteminder/certs
   The DN of the user you're looking for : CN=jsmith,OU=mygroup1,OU=mygroup2,DC=users,DC=training,DC=com
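The filter in the command relies on the matching rule 1.2.840.113556.1.4.1941 (LDAP_MATCHING_RULE_IN_CHAIN), which asks the directory to follow the member attribute transitively and return every group that contains the user directly or through nested groups; the rule is specific to Active Directory, and other LDAP directories do not support it. The following Python script is an added example (not part of the CA article or product) that shows both halves of that check: it builds the same filter string with the RFC 4515 escaping a DN containing parentheses or backslashes needs, and it performs the transitive walk client-side over a constructed in-memory snapshot of groups, so it can be used where the in-chain rule is unavailable. The group and user DNs in SAMPLE_GROUPS are constructed sample data; the function names and the in-chain rule constant are this example's own.

```python
"""Nested-group membership check (added example, not from the CA article).

1. build_in_chain_filter(): builds the LDAP_MATCHING_RULE_IN_CHAIN filter the
   article's ldapsearch uses, escaping the DN per RFC 4515.
2. groups_containing(): client-side transitive walk over a snapshot of
   group -> members, mimicking what the AD rule does server-side, with
   cycle protection and case-insensitive DN comparison.
"""
from collections import deque

IN_CHAIN_OID = "1.2.840.113556.1.4.1941"  # AD LDAP_MATCHING_RULE_IN_CHAIN


def escape_filter_value(value: str) -> str:
    """RFC 4515 escaping for a value embedded in a search filter.

    '(' ')' '*' '\\' and NUL must become \\XX hex escapes, otherwise a DN
    such as 'CN=Smith (John)' breaks or silently changes the filter."""
    out = []
    for ch in value:
        if ch in "\\*()\x00":
            out.append("\\%02x" % ord(ch))
        else:
            out.append(ch)
    return "".join(out)


def build_in_chain_filter(user_dn: str, attribute: str = "member") -> str:
    """Filter that returns every group containing user_dn, nested or direct."""
    return "(%s:%s:=%s)" % (attribute, IN_CHAIN_OID, escape_filter_value(user_dn))


# Constructed sample snapshot (group DN -> member DNs). AllStaff and
# Engineering contain each other on purpose, to exercise cycle handling.
SAMPLE_GROUPS = {
    "CN=Developers,OU=Groups,DC=users,DC=training,DC=com": [
        "CN=jsmith,OU=mygroup1,OU=mygroup2,DC=users,DC=training,DC=com",
        "CN=adoe,OU=mygroup1,OU=mygroup2,DC=users,DC=training,DC=com",
    ],
    "CN=Engineering,OU=Groups,DC=users,DC=training,DC=com": [
        "CN=Developers,OU=Groups,DC=users,DC=training,DC=com",
        "CN=AllStaff,OU=Groups,DC=users,DC=training,DC=com",
    ],
    "CN=AllStaff,OU=Groups,DC=users,DC=training,DC=com": [
        "CN=Engineering,OU=Groups,DC=users,DC=training,DC=com",
    ],
    "CN=Finance,OU=Groups,DC=users,DC=training,DC=com": [
        "CN=bjones,OU=mygroup1,OU=mygroup2,DC=users,DC=training,DC=com",
    ],
}


def groups_containing(user_dn: str, groups: dict) -> set:
    """All groups that contain user_dn directly or via nested groups.

    Builds a reverse index (member -> groups holding it) and walks it
    breadth-first; 'seen' stops the walk on cyclic group memberships."""
    containers = {}
    for group_dn, members in groups.items():
        for member in members:
            containers.setdefault(member.lower(), set()).add(group_dn)
    found = set()
    seen = {user_dn.lower()}
    queue = deque([user_dn.lower()])
    while queue:
        dn = queue.popleft()
        for group_dn in containers.get(dn, ()):
            if group_dn.lower() not in seen:
                seen.add(group_dn.lower())
                found.add(group_dn)
                queue.append(group_dn.lower())
    return found


def is_nested_member(user_dn: str, group_dn: str, groups: dict) -> bool:
    """True if group_dn reaches user_dn through any chain of member links."""
    return group_dn.lower() in {g.lower() for g in groups_containing(user_dn, groups)}


if __name__ == "__main__":
    jsmith = "CN=jsmith,OU=mygroup1,OU=mygroup2,DC=users,DC=training,DC=com"
    print(build_in_chain_filter(jsmith))
    for group in sorted(groups_containing(jsmith, SAMPLE_GROUPS)):
        print("contains jsmith:", group)
```

Run against a real directory, the filter returned by build_in_chain_filter() is what goes in the last argument of the article's ldapsearch; if the directory is not Active Directory, export its groups with a plain "(objectClass=group)" search and feed the member lists to groups_containing() instead.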