When running Policy Server, it can occur that after successful
authentication, the Policy Server gets an LDAP error when authorizing
the user from LDAP User Directory. The user is member of a Nested
Group, Policy Server reports an error when looking at another LDAP
Group and find the user in the Nested Group.
Why is the user not granted to access the application ?
The authentication doesn't occurs on the group, but on the user itself
only. Now as you've configured Nested Group for authorization in the
Policy, the Policy Server needs to find it in group without
error. Even if the error occurs on another Group during the search.
As the groups search brings an unexpected error, then as security
software, Policy Server has no way to determine if the user found is
correct or not. The Policy Server cannot predict these errors.