Issue assigning to groups in active directory

This topic has 1 reply, 1 voice, and was last updated 1 day, 12 hours ago by hakon_bommen.

  • #27190
     hakon_bommen
    Participant

    We are having this strange issue. We can create and maintain user attributes through our LDAP connection against AD. We do experience a problem using the ldapGroups attribute on an assignment in order to assign the user to an AD group.

    I have added the base context to the connector, and manually added the users to the group with the same credentials as IDM to check permissions. There is nothing in the logs. Any ideas on what to try next?

    #27238
     hakon_bommen
    Participant

    Problem solved.

    It turned out there were two AD servers and the DNS lookup returned either one on a round-robin basis. When IDM logged in on one server and tried to update a user on the other, it would fail, which happened about half of the time. We switched the URL to reference the same server every time and now the failures seem to be a thing of the past.
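
A check for the condition described in the resolution above: whether the host in a connector's LDAP URL resolves to more than one address. This is an added example, not part of the original thread or ForgeRock code; the function names are hypothetical and the hostnames and addresses are constructed sample data.

```python
import socket
from urllib.parse import urlsplit

DEFAULT_PORTS = {"ldap": 389, "ldaps": 636}


def resolve_ldap_url(url, resolver=socket.getaddrinfo):
    """Return the sorted, de-duplicated addresses the LDAP URL's host resolves to."""
    parts = urlsplit(url)
    if parts.scheme not in DEFAULT_PORTS or not parts.hostname:
        raise ValueError(f"not an LDAP URL: {url!r}")
    port = parts.port or DEFAULT_PORTS[parts.scheme]
    infos = resolver(parts.hostname, port, type=socket.SOCK_STREAM)
    # Each getaddrinfo entry is (family, type, proto, canonname, sockaddr);
    # sockaddr[0] is the IP address for both IPv4 and IPv6.
    return sorted({info[4][0] for info in infos})


def check_connector_url(url, resolver=socket.getaddrinfo):
    """Report whether the URL always reaches the same server (one address)."""
    addresses = resolve_ldap_url(url, resolver)
    return {"url": url, "addresses": addresses, "pinned": len(addresses) == 1}


def sample_resolver(host, port, type=0):
    """Constructed stand-in for DNS so the example runs offline."""
    table = {
        "ad.example.com": ["192.0.2.10", "192.0.2.11"],  # round-robin name
        "dc01.ad.example.com": ["192.0.2.10"],           # single server
    }
    return [(socket.AF_INET, type, 6, "", (ip, port)) for ip in table[host]]


if __name__ == "__main__":
    for url in ("ldap://ad.example.com", "ldaps://dc01.ad.example.com:636"):
        result = check_connector_url(url, sample_resolver)
        state = "pinned" if result["pinned"] else "resolves to multiple servers"
        print(f"{result['url']}: {state} {result['addresses']}")
```

Calling `check_connector_url(url)` without the second argument uses the system resolver, so it reports what the connector host itself would see.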


©2019 ForgeRock - we provide an identity and access platform to secure every online relationship for the enterprise market, educational sector and even entire countries. Click to view our privacy policy and terms of use.
