ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

Authorization Nested Group error

book

Article ID: 214102

calendar_today

Updated On:

Products

SITEMINDER

Issue/Introduction

 

When running Policy Server, it can occur that after successful
authentication, the Policy Server gets an LDAP error when authorizing
the user from LDAP User Directory. The user is member of a Nested
Group, Policy Server reports an error when looking at another LDAP
Group and find the user in the Nested Group.

Why is the user not granted to access the application ?

 

Resolution

 

The authentication doesn't occurs on the group, but on the user itself
only. Now as you've configured Nested Group for authorization in the
Policy, the Policy Server needs to find it in group without
error. Even if the error occurs on another Group during the search.

As the groups search brings an unexpected error, then as security
software, Policy Server has no way to determine if the user found is
correct or not. The Policy Server cannot predict these errors.